From b1c11e3e563bd713d3de7ae499c6d2c46745e655 Mon Sep 17 00:00:00 2001
From: Davide De Rosa
Date: Wed, 20 Nov 2019 01:03:50 +0100
Subject: [PATCH] Make --ca and --cipher non-optional in .ovpn

Dodge those annoying scenarios where server cipher is not set and defaults to BF-CBC, whereas default TunnelKit cipher is AES-128-CBC. And data channel stalls.
---
 CHANGELOG.md | 6 ++++++
 .../Sources/Protocols/OpenVPN/ConfigurationParser.swift | 7 +++++++
 2 files changed, 13 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 526b781..21b515a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## Unreleased
+
+### Changed
+
+- Require explicit `--ca` and `--cipher` in .ovpn configuration file.
+
 ## 2.1.0 (2019-11-03)
 ### Added
diff --git a/TunnelKit/Sources/Protocols/OpenVPN/ConfigurationParser.swift b/TunnelKit/Sources/Protocols/OpenVPN/ConfigurationParser.swift
index 68481d3..8be64f7 100644
--- a/TunnelKit/Sources/Protocols/OpenVPN/ConfigurationParser.swift
+++ b/TunnelKit/Sources/Protocols/OpenVPN/ConfigurationParser.swift
@@ -587,6 +587,13 @@ extension OpenVPN {
 }
 }
+ guard let _ = optCA else {
+ throw ConfigurationError.missingConfiguration(option: "ca")
+ }
+ guard let _ = optCipher else {
+ throw ConfigurationError.missingConfiguration(option: "cipher")
+ }
+
 // var sessionBuilder = ConfigurationBuilder()
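Review bot: The two guards added just before `var sessionBuilder` carry no comment, so the reason `ca` and `cipher` became mandatory exists only in the commit message; a line such as `// Fail early: an omitted cipher lets the server default to BF-CBC while TunnelKit defaults to AES-128-CBC, stalling the data channel` would keep the check from being relaxed later. Both guards discard the bound value, so `guard optCA != nil else {` and `guard optCipher != nil else {` say the same thing more directly than `guard let _ = … else {`. The diffstat lists only the changelog and the parser, so neither new `missingConfiguration` path is covered by a test in this commit; the missing-`ca` case in particular is worth pinning, since it presumably decides whether a profile without a trust anchor for the server certificate is rejected. The enclosing function begins and ends outside the hunk, so how `optCA` and `optCipher` are populated (for example, whether an unrecognised cipher name also leaves `optCipher` nil and is then reported as missing) cannot be checked from here.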