psk-ordering.diff - pfSense - pfSense bugtracker

Bug #6668 » psk-ordering.diff

Jim Pingle, 11/04/2016 10:35 AM

+    	}
     	$pskconf = "";
     	$late_pskconf = "";
     	$vpncas = array();
     	if (is_array($a_phase1) && count($a_phase1)) {
-...
     					$peerid = "@{$peerid}";
+    				}
     				$pskconfent = "";
     				$late = false;
     				if (!empty($ph1ent['pre-shared-key'])) {
     					$pskconf .= "{$myid} {$peerid} : PSK 0s" . base64_encode(trim($ph1ent['pre-shared-key'])) . "\n";
     					if ($myid == "%any") {
     						$late = true;
+    					}
     					$pskconfent = "{$myid} {$peerid} : PSK 0s" . base64_encode(trim($ph1ent['pre-shared-key'])) . "\n";
     					if (isset($ph1ent['mobile'])) {
     						$pskconf .= " : PSK 0s" . base64_encode(trim($ph1ent['pre-shared-key'])) . "\n";
     						$pskconfent = " : PSK 0s" . base64_encode(trim($ph1ent['pre-shared-key'])) . "\n";
+    					}
     					/* Store PSKs with wildcard IDs later to prevent over-matching */
     					if ($late) {
     						$pskconf_late .= $pskconfent;
     					} else {
     						$pskconf .= $pskconfent;
+    					}
+    				}
+    			}
-...
     	/* add PSKs for mobile clients */
     	if (is_array($ipseccfg['mobilekey'])) {
     		foreach ($ipseccfg['mobilekey'] as $key) {
     			if ($key['ident'] == "allusers") {
     				$key['ident'] = '%any';
+    			}
     			if ($key['ident'] == "any") {
     				$key['ident'] = '%any';
+    			}
     			if (empty($key['type'])) {
     				$key['type'] = 'PSK';
+    			}
     			$pskconf .= " {$key['ident']} : {$key['type']} 0s" . base64_encode($key['pre-shared-key']) . "\n";
     			if (($key['ident'] == "allusers") || ($key['ident'] == "any")) {
     				/* Store wildcard PSKs last as they could over-match unintentionally */
     				$late_pskconf .= " %any : {$key['type']} 0s" . base64_encode($key['pre-shared-key']) . "\n";
     			} else {
     				$pskconf .= " {$key['ident']} : {$key['type']} 0s" . base64_encode($key['pre-shared-key']) . "\n";
+    			}
+    		}
     		$pskconf .= $late_pskconf;
     		unset($key);
+    	}

(1-1/1)

Project

General

Profile

pfSense

Bug #6668 » psk-ordering.diff