Project

General

Profile

Todo #9903

Rename IPsec "RSA" options to more generic "Certificate" options

Added by Jim Pingle 11 months ago. Updated 11 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
IPsec
Target version:
Start date:
11/15/2019
Due date:
% Done:

100%

Estimated time:

Description

IPsec can use both RSA and ECDSA certificates, so we need to rename any IPsec Certificate-based authentication methods using "RSA" to something more generic, to reflect that they are certificate-based and not necessarily RSA.

For example, changing this:

$p1_authentication_methods = array(
    'hybrid_rsa_server' => array('name' => gettext('Hybrid RSA + Xauth'), 'mobile' => true),
    'xauth_rsa_server' => array('name' => gettext('Mutual RSA + Xauth'), 'mobile' => true),
    'xauth_psk_server' => array('name' => gettext('Mutual PSK + Xauth'), 'mobile' => true),
    'eap-tls' => array('name' => gettext('EAP-TLS'), 'mobile' => true),
    'eap-radius' => array('name' => gettext('EAP-RADIUS'), 'mobile' => true),
    'eap-mschapv2' => array('name' => gettext('EAP-MSChapv2'), 'mobile' => true),
    'rsasig' => array('name' => gettext('Mutual RSA'), 'mobile' => false),
    'pre_shared_key' => array('name' => gettext('Mutual PSK'), 'mobile' => false)
);

Into this:

$p1_authentication_methods = array(
    'hybrid_cert_server' => array('name' => gettext('Hybrid Certificate + Xauth'), 'mobile' => true),
    'xauth_cert_server' => array('name' => gettext('Mutual Certificate + Xauth'), 'mobile' => true),
    'xauth_psk_server' => array('name' => gettext('Mutual PSK + Xauth'), 'mobile' => true),
    'eap-tls' => array('name' => gettext('EAP-TLS'), 'mobile' => true),
    'eap-radius' => array('name' => gettext('EAP-RADIUS'), 'mobile' => true),
    'eap-mschapv2' => array('name' => gettext('EAP-MSChapv2'), 'mobile' => true),
    'cert' => array('name' => gettext('Mutual Certificate'), 'mobile' => false),
    'pre_shared_key' => array('name' => gettext('Mutual PSK'), 'mobile' => false)
);

Needs upgrade code to adjust existing settings to match new values. There are references to "rsa" throughout the IPsec backend code as well that check for these options that need adjusted to match as well.

This was split off from #4991 since it's a separate task.

Associated revisions

Revision d1f5587d (diff)
Added by Jim Pingle 11 months ago

Rename IPsec "RSA" options to "Certificate". Implements #9903

History

#1 Updated by Jim Pingle 11 months ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100

#2 Updated by Viktor Gurov 11 months ago

Jim Pingle wrote:

Applied in changeset d1f5587d48af48817336fdf8644ea7d7679cf037.

tested on 2.5.0.a.20191211.1308

Resolved

#3 Updated by Jim Pingle 11 months ago

  • Status changed from Feedback to Resolved

Also available in: Atom PDF