Project

General

Profile

Actions

Bug #5323

closed

My Certificate Authority is displayed/saved for authentication methods where it is not needed

Added by Matthew Smith about 9 years ago. Updated about 9 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
IPsec
Target version:
Start date:
10/20/2015
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.2.x
Affected Architecture:

Description

On the IPSec phase 1 settings page (vpn_ipsec_phase1.php), the field "My Certificate Authority" is displayed for all authentication methods except "Mutual PSK" and "Mutual PSK + xauth". That attribute is used to specify the trust chain that will be accepted for a peer that is using a certificate to authenticate. The only methods where this is required are "Mutual RSA", "Mutual RSA + xauth", and "EAP-TLS". The attribute also ends up being displayed and saved when the methods "Hybrid RSA + xauth", "EAP-RADIUS", and "EAP-MSCHAPv2" are selected. The peer does not use a certificate to authenticate for those methods.

The field should only be displayed for the methods where it will be used and it should only be saved to the config.xml for those methods.

Actions

Also available in: Atom PDF