IPsec: fix identity quoting for asn1dn and fqdn types. close://github.com/opnsense/core/issues/5155

Ad Schellevis 2021-08-09 15:08:49 +02:00
parent f03d978bb0
commit 9963de28c0


@ -815,7 +815,13 @@ function ipsec_find_id(&$ph1ent, $side = 'local')
} elseif (empty($id_data)) {
$thisid_data = null;
} elseif (in_array($id_type, ["asn1dn", "fqdn"])) {
$thisid_data = "{$id_type}:{$id_data}";
if (strpos($id_data, "#") !== false) {
// XXX: the same quoting likely applies to other to the docs, but to limit impact keep only fix here
// (https://wiki.strongswan.org/projects/strongswan/wiki/IdentityParsing)
$thisid_data = "\"{$id_type}:{$id_data}\"";
} else {
$thisid_data = "{$id_type}:{$id_data}";
}
} elseif ($id_type == "keyid tag") {
$thisid_data = "keyid:{$id_data}";
} elseif ($id_type == "user_fqdn") {
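Review bot: The new quoted branch wraps `"{$id_type}:{$id_data}"` in double quotes without checking `$id_data` for an embedded `"` or a line break, so an identity holding either would end the quoted value early and the rest would be read as further configuration text. Nothing in the hunk shows `$id_data` being validated. Unless the calling code or the form validation already excludes those characters, a guard before the quoting would close this, for example `if (strpbrk($id_data, "\"\r\n") !== false) { /* reject or skip this identity */ }`. The `XXX` comment is also hard to read as written; something like `// XXX: per the docs the same quoting likely applies to other identity types; only this case is fixed to limit impact` says what seems to be meant. The body of `ipsec_find_id` starts and ends outside this hunk.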