diff --git a/src/etc/inc/plugins.inc.d/ipsec.inc b/src/etc/inc/plugins.inc.d/ipsec.inc
index 529132352..c54edd6f1 100644
--- a/src/etc/inc/plugins.inc.d/ipsec.inc
+++ b/src/etc/inc/plugins.inc.d/ipsec.inc
@@ -60,20 +60,22 @@ const IPSEC_LOG_LEVELS = [
 4 => 'Highest',
 ];
-function getKeyType($f) {
- $default="RSA";
- if (!($k = openssl_pkey_get_private($f))) return $default;
- if (!($d = openssl_pkey_get_details($k))) return $default;
- switch ($d['type']) {
- case OPENSSL_KEYTYPE_RSA:
- return "RSA";
- break;
- case OPENSSL_KEYTYPE_EC:
- return "ECDSA";
- break;
- default:
- return $default;
- }
+function ipsec_get_key_type($f) {
+ $keytype="RSA";
+ if ($k = openssl_pkey_get_private("file://".$f)) {
+ if ($d = openssl_pkey_get_details($k)) {
+ switch ($d['type']) {
+ case OPENSSL_KEYTYPE_RSA:
+ $keytype = "RSA";
+ break;
+ case OPENSSL_KEYTYPE_EC:
+ $keytype = "ECDSA";
+ break;
+ }
+ }
+ }
+
+ return $keytype;
 }
@@ -1138,7 +1140,7 @@ function ipsec_configure_do($verbose = false, $interface = '')
 @chmod($ph1certfile, 0600);
 /* XXX" Traffic selectors? */
- $pskconf .= " : ".getKeyType($ph1keyfile)." {$ph1keyfile}\n";
+ $pskconf .= " : ".ipsec_get_key_type($ph1keyfile)." {$ph1keyfile}\n";
 } elseif (!empty($ph1ent['pre-shared-key'])) {
 $myid = isset($ph1ent['mobile']) ? trim(ipsec_find_id($ph1ent, "local")) : "";
 $peerid_data = isset($ph1ent['mobile']) ? "%any" : ipsec_find_id($ph1ent, "peer");
@@ -1180,7 +1182,7 @@ function ipsec_configure_do($verbose = false, $interface = '')
 }
 @chmod($ph1privatekeyfile, 0600);
- $pskconf .= " : ".getKeyType($ph1privatekeyfile)." {$ph1privatekeyfile}\n";
+ $pskconf .= " : ".ipsec_get_key_type($ph1privatekeyfile)." {$ph1privatekeyfile}\n";
 }
 if (!empty($ph1ent['peer-kpref'])) {
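Review bot: In `ipsec_get_key_type()` (first hunk, fully visible) every failure path still falls through to the initial `$keytype="RSA"` without leaving a trace: a key file that `openssl_pkey_get_private()` cannot read or parse (a passphrase-protected key would presumably land here), a failed `openssl_pkey_get_details()`, and any key type other than RSA or EC all end up labelled `RSA` in the generated secrets line. The caller cannot tell "this is an RSA key" from "the type could not be determined", so a wrong label would likely only show up later as a key-load or authentication failure in the IKE daemon, far from its cause. I would record the fallback, logging the path only and never key material, for example `syslog(LOG_WARNING, "ipsec: could not determine key type of {$f}, assuming RSA");` in an `else` branch of the outer `if`, and add a `default:` case to the `switch` that does the same for unsupported types. A short docblock stating that `$f` is a filesystem path to a PEM private key (not the key contents) and that the return value is the `RSA`/`ECDSA` keyword written to the secrets file would also prevent the path-versus-contents confusion from recurring.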