Project

General

Profile

Actions

Todo #9903

closed

Rename IPsec "RSA" options to more generic "Certificate" options

Added by Jim Pingle almost 2 years ago. Updated almost 2 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
IPsec
Target version:
Start date:
11/15/2019
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:

Description

IPsec can use both RSA and ECDSA certificates, so we need to rename any IPsec Certificate-based authentication methods using "RSA" to something more generic, to reflect that they are certificate-based and not necessarily RSA.

For example, changing this:

$p1_authentication_methods = array(
    'hybrid_rsa_server' => array('name' => gettext('Hybrid RSA + Xauth'), 'mobile' => true),
    'xauth_rsa_server' => array('name' => gettext('Mutual RSA + Xauth'), 'mobile' => true),
    'xauth_psk_server' => array('name' => gettext('Mutual PSK + Xauth'), 'mobile' => true),
    'eap-tls' => array('name' => gettext('EAP-TLS'), 'mobile' => true),
    'eap-radius' => array('name' => gettext('EAP-RADIUS'), 'mobile' => true),
    'eap-mschapv2' => array('name' => gettext('EAP-MSChapv2'), 'mobile' => true),
    'rsasig' => array('name' => gettext('Mutual RSA'), 'mobile' => false),
    'pre_shared_key' => array('name' => gettext('Mutual PSK'), 'mobile' => false)
);

Into this:

$p1_authentication_methods = array(
    'hybrid_cert_server' => array('name' => gettext('Hybrid Certificate + Xauth'), 'mobile' => true),
    'xauth_cert_server' => array('name' => gettext('Mutual Certificate + Xauth'), 'mobile' => true),
    'xauth_psk_server' => array('name' => gettext('Mutual PSK + Xauth'), 'mobile' => true),
    'eap-tls' => array('name' => gettext('EAP-TLS'), 'mobile' => true),
    'eap-radius' => array('name' => gettext('EAP-RADIUS'), 'mobile' => true),
    'eap-mschapv2' => array('name' => gettext('EAP-MSChapv2'), 'mobile' => true),
    'cert' => array('name' => gettext('Mutual Certificate'), 'mobile' => false),
    'pre_shared_key' => array('name' => gettext('Mutual PSK'), 'mobile' => false)
);

Needs upgrade code to adjust existing settings to match new values. There are references to "rsa" throughout the IPsec backend code as well that check for these options that need adjusted to match as well.

This was split off from #4991 since it's a separate task.

Actions #1

Updated by Jim Pingle almost 2 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100
Actions #2

Updated by Viktor Gurov almost 2 years ago

Jim Pingle wrote:

Applied in changeset d1f5587d48af48817336fdf8644ea7d7679cf037.

tested on 2.5.0.a.20191211.1308

Resolved

Actions #3

Updated by Jim Pingle almost 2 years ago

  • Status changed from Feedback to Resolved
Actions

Also available in: Atom PDF