Révision c650b2f7
Ajouté par Ermal il y a plus de 9 ans
usr/local/www/vpn_ipsec_phase2.php | ||
---|---|---|
127 | 127 |
$input_errors[] = gettext("A valid ikeid must be specified."); |
128 | 128 |
|
129 | 129 |
/* input validation */ |
130 |
$reqdfields = explode(" ", "localid_type halgos uniqid");
|
|
131 |
$reqdfieldsn = array(gettext("Local network type"),gettext("P2 Hash Algorithms"), gettext("Unique Identifier"));
|
|
130 |
$reqdfields = explode(" ", "localid_type uniqid"); |
|
131 |
$reqdfieldsn = array(gettext("Local network type"), gettext("Unique Identifier")); |
|
132 | 132 |
if (!isset($pconfig['mobile'])){ |
133 | 133 |
$reqdfields[] = "remoteid_type"; |
134 | 134 |
$reqdfieldsn[] = gettext("Remote network type"); |
... | ... | |
254 | 254 |
|
255 | 255 |
if (!count($ealgos)) { |
256 | 256 |
$input_errors[] = gettext("At least one encryption algorithm must be selected."); |
257 |
} else { |
|
258 |
if (empty($pconfig['halgo'])) { |
|
259 |
foreach ($ealgos as $ealgo) { |
|
260 |
if (!strpos($ealgo['name'], "gcm")) { |
|
261 |
$input_errors[] = gettext("At least one hashing algorithm needs to be selected."); |
|
262 |
break; |
|
263 |
} |
|
264 |
} |
|
265 |
} |
|
257 | 266 |
} |
267 |
|
|
258 | 268 |
} |
259 | 269 |
if (($_POST['lifetime'] && !is_numeric($_POST['lifetime']))) { |
260 | 270 |
$input_errors[] = gettext("The P2 lifetime must be an integer."); |
... | ... | |
277 | 287 |
|
278 | 288 |
$ph2ent['protocol'] = $pconfig['proto']; |
279 | 289 |
$ph2ent['encryption-algorithm-option'] = $ealgos; |
280 |
$ph2ent['hash-algorithm-option'] = $pconfig['halgos']; |
|
290 |
if (!empty($pconfig['halgos'])) |
|
291 |
$ph2ent['hash-algorithm-option'] = $pconfig['halgos']; |
|
292 |
else |
|
293 |
unset($ph2ent['hash-algorithm-option']); |
|
281 | 294 |
$ph2ent['pfsgroup'] = $pconfig['pfsgroup']; |
282 | 295 |
$ph2ent['lifetime'] = $pconfig['lifetime']; |
283 | 296 |
$ph2ent['pinghost'] = $pconfig['pinghost']; |
Formats disponibles : Unified diff
Allow HASH algorithms to be empty for phase2 in case the encryption one is AES-GCM