From d5dd538d0e30d0e4b1f80286e14f1d38930c1e24 Mon Sep 17 00:00:00 2001
From: Renato Botelho <renato@netgate.com>
Date: Thu, 16 Jul 2015 15:56:26 -0300
Subject: Add leftid and rightid value between double quotes on ipsec config
 when type is asn1dn. Ticket #4792

---
 etc/inc/ipsec.inc | 3 ---
 etc/inc/vpn.inc   | 8 ++++++++
 2 files changed, 8 insertions(+), 3 deletions(-)

(limited to 'etc')

diff --git a/etc/inc/ipsec.inc b/etc/inc/ipsec.inc
index 5c7d15d..d3a6fe8 100644
--- a/etc/inc/ipsec.inc
+++ b/etc/inc/ipsec.inc
@@ -727,9 +727,6 @@ function ipsec_find_id(& $ph1ent, $side = "local", $rgmap = array()) {
 			break;
 		case 'asn1dn':
 			$thisid_data = $id_data;
-			if ($thisid_data && $thisid_data[0] != '"') {
-				$thisid_data = "\"{$id_data}\"";
-			}
 			break;
 	}
 	return array($thisid_type, $thisid_data);
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index 44d96e5..b328975 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -825,6 +825,10 @@ EOD;
 			list ($myid_type, $myid_data) = ipsec_find_id($ph1ent, 'local');
 			if ($myid_type != 'address' && $myid_type != 'keyid') {
 				$myid_data = "{$myid_type}:{$myid_data}";
+				/* asn1dn needs double quotes */
+				if ($myid_type == "asn1dn") {
+					$myid_data = '"' . $myid_data . '"';
+				}
 			}
 
 			/* Only specify peer ID if we are not dealing with a mobile PSK-only tunnel */
@@ -833,6 +837,10 @@ EOD;
 				list ($peerid_type, $peerid_data) = ipsec_find_id($ph1ent, 'peer', $rgmap);
 				if ($peerid_type != 'address' && $peerid_type != 'keyid') {
 					$peerid_spec = "{$peerid_type}:{$peerid_data}";
+					/* asn1dn needs double quotes */
+					if ($peerid_type == "asn1dn") {
+						$peerid_spec = '"' . $peerid_spec . '"';
+					}
 				} else {
 					$peerid_spec = $peerid_data;
 				}
-- 
cgit v1.1