Project

General

Profile

« Previous | Next » 

Revision 896b8510

Added by Renato Botelho about 10 years ago

Fixes for IPSec ASN1.DN, ticket #4792

- Do not add leftid to confir when value is empty
- When asn1dn param is in binary form, explicit type
- Always add double quotes for asn1dn

View differences:

etc/inc/vpn.inc
823 823 
			}
824 824 

  		




  825
  825
  
    
			list ($myid_type, $myid_data) = ipsec_find_id($ph1ent, 'local');


  		




  826
  
  
    
			if ($myid_type != 'address' && $myid_type != 'keyid') {


  		




  
  826
  
    
			if ($myid_type != 'address' && $myid_type != 'keyid' && $myid_type != 'asn1dn') {


  		




  827
  827
  
    
				$myid_data = "{$myid_type}:{$myid_data}";


  		




  
  828
  
    
			} elseif ($myid_type == "asn1dn" && !empty($myid_data)) {


  		




  
  829
  
    
				if ($myid_data[0] == '#') {


  		




  828
  830
  
    
				/* asn1dn needs double quotes */


  		




  829
  
  
    
				if ($myid_type == "asn1dn") {


  		




  830
  
  
    
					$myid_data = '"' . $myid_data . '"';


  		




  
  831
  
    
					$myid_data = "\"{$myid_type}:{$myid_data}\"";


  		




  
  832
  
    
				} else {


  		




  
  833
  
    
					$myid_data = "\"{$myid_data}\"";


  		




  831
  834
  
    
				}


  		




  832
  835
  
    
			}


  		




  
  836
  
    
			$leftid = '';


  		




  
  837
  
    
			if (!empty($myid_data)) {


  		




  
  838
  
    
				$leftid = "leftid = {$myid_data}";


  		




  
  839
  
    
			}


  		




  833
  840
  
    

  		




  834
  841
  
    
			/* Only specify peer ID if we are not dealing with a mobile PSK-only tunnel */


  		




  835
  842
  
    
			$peerid_spec = '';


  		




  836
  843
  
    
			if (!isset($ph1ent['mobile'])) {


  		




  837
  844
  
    
				list ($peerid_type, $peerid_data) = ipsec_find_id($ph1ent, 'peer', $rgmap);


  		




  838
  
  
    
				if ($peerid_type != 'address' && $peerid_type != 'keyid') {


  		




  
  845
  
    
				if ($peerid_type != 'address' && $peerid_type != 'keyid' && $peerid_type != 'asn1dn') {


  		




  839
  846
  
    
					$peerid_spec = "{$peerid_type}:{$peerid_data}";


  		




  
  847
  
    
				} elseif ($peerid_type == "asn1dn") {


  		




  840
  848
  
    
					/* asn1dn needs double quotes */


  		




  841
  
  
    
					if ($peerid_type == "asn1dn") {


  		




  842
  
  
    
						$peerid_spec = '"' . $peerid_spec . '"';


  		




  
  849
  
    
					if ($peerid_data[0] == '#') {


  		




  
  850
  
    
						$peerid_spec = "\"{$peerid_type}:{$peerid_data}\"";


  		




  
  851
  
    
					} elseif (!empty($peerid_data)) {


  		




  
  852
  
    
						$peerid_spec = "\"{$peerid_data}\"";


  		




  843
  853
  
    
					}


  		




  844
  854
  
    
				} else {


  		




  845
  855
  
    
					$peerid_spec = $peerid_data;


  		




  ......




  1161
  1171
  
    
	auto = {$passive}


  		




  1162
  1172
  
    
	left = {$left_spec}


  		




  1163
  1173
  
    
	right = {$right_spec}


  		




  1164
  
  
    
	leftid = {$myid_data}


  		




  
  1174
  
    
	{$leftid}


  		




  1165
  1175
  
    

  		




  1166
  1176
  
    
EOD;


  		




  1167
  1177
  
    

  		












Also available in:  Unified diff