mirror of
https://github.com/SoftEtherVPN/SoftEtherVPN.git
synced 2024-12-26 01:59:53 +03:00
Merge pull request #1210 from nokia/openssl_engine_auth
Openssl engine certificate authentication
This commit is contained in:
commit
3cf23e58a3
@ -1,6 +1,6 @@
|
||||
// SoftEther VPN Source Code - Developer Edition Master Branch
|
||||
// Cedar Communication Module
|
||||
|
||||
// © 2020 Nokia
|
||||
|
||||
// Cedar.h
|
||||
// Header of Cedar.c
|
||||
@ -376,6 +376,7 @@
|
||||
#define CLIENT_AUTHTYPE_PLAIN_PASSWORD 2 // Plain password authentication
|
||||
#define CLIENT_AUTHTYPE_CERT 3 // Certificate authentication
|
||||
#define CLIENT_AUTHTYPE_SECURE 4 // Secure device authentication
|
||||
#define CLIENT_AUTHTYPE_OPENSSLENGINE 5 // Openssl engine authentication
|
||||
|
||||
|
||||
|
||||
|
@ -1,6 +1,6 @@
|
||||
// SoftEther VPN Source Code - Developer Edition Master Branch
|
||||
// Cedar Communication Module
|
||||
|
||||
// © 2020 Nokia
|
||||
|
||||
// Client.c
|
||||
// Client Manager
|
||||
@ -4402,6 +4402,17 @@ void InRpcClientAuth(CLIENT_AUTH *c, PACK *p)
|
||||
PackGetStr(p, "SecurePublicCertName", c->SecurePublicCertName, sizeof(c->SecurePublicCertName));
|
||||
PackGetStr(p, "SecurePrivateKeyName", c->SecurePrivateKeyName, sizeof(c->SecurePrivateKeyName));
|
||||
break;
|
||||
|
||||
case CLIENT_AUTHTYPE_OPENSSLENGINE:
|
||||
b = PackGetBuf(p, "ClientX");
|
||||
if (b != NULL)
|
||||
{
|
||||
c->ClientX = BufToX(b, false);
|
||||
FreeBuf(b);
|
||||
}
|
||||
PackGetStr(p, "OpensslEnginePrivateKeyName", c->OpensslEnginePrivateKeyName, sizeof(c->OpensslEnginePrivateKeyName));
|
||||
PackGetStr(p, "OpensslEngineName", c->OpensslEngineName, sizeof(c->OpensslEngineName));
|
||||
break;
|
||||
}
|
||||
}
|
||||
void OutRpcClientAuth(PACK *p, CLIENT_AUTH *c)
|
||||
@ -4448,6 +4459,17 @@ void OutRpcClientAuth(PACK *p, CLIENT_AUTH *c)
|
||||
PackAddStr(p, "SecurePublicCertName", c->SecurePublicCertName);
|
||||
PackAddStr(p, "SecurePrivateKeyName", c->SecurePrivateKeyName);
|
||||
break;
|
||||
|
||||
case CLIENT_AUTHTYPE_OPENSSLENGINE:
|
||||
b = XToBuf(c->ClientX, false);
|
||||
if (b != NULL)
|
||||
{
|
||||
PackAddBuf(p, "ClientX", b);
|
||||
FreeBuf(b);
|
||||
}
|
||||
PackAddStr(p, "OpensslEnginePrivateKeyName", c->OpensslEnginePrivateKeyName);
|
||||
PackAddStr(p, "OpensslEngineName", c->OpensslEngineName);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
@ -6402,6 +6424,11 @@ bool CtConnect(CLIENT *c, RPC_CLIENT_CONNECT *connect)
|
||||
// Register a procedure for secure device authentication
|
||||
r->ClientAuth->SecureSignProc = CiSecureSignProc;
|
||||
}
|
||||
else if (r->ClientAuth->AuthType == CLIENT_AUTHTYPE_OPENSSLENGINE)
|
||||
{
|
||||
/* r->ClientAuth->ClientK = OpensslEngineToK("asdf"); */
|
||||
r->ClientAuth->SecureSignProc = NULL;
|
||||
}
|
||||
else
|
||||
{
|
||||
r->ClientAuth->SecureSignProc = NULL;
|
||||
@ -9266,6 +9293,20 @@ CLIENT_AUTH *CiLoadClientAuth(FOLDER *f)
|
||||
CfgGetStr(f, "SecurePublicCertName", a->SecurePublicCertName, sizeof(a->SecurePublicCertName));
|
||||
CfgGetStr(f, "SecurePrivateKeyName", a->SecurePrivateKeyName, sizeof(a->SecurePrivateKeyName));
|
||||
break;
|
||||
|
||||
case CLIENT_AUTHTYPE_OPENSSLENGINE:
|
||||
b = CfgGetBuf(f, "ClientCert");
|
||||
if (b != NULL)
|
||||
{
|
||||
a->ClientX = BufToX(b, false);
|
||||
}
|
||||
FreeBuf(b);
|
||||
if (CfgGetStr(f, "OpensslEnginePrivateKeyName", a->OpensslEnginePrivateKeyName, sizeof(a->OpensslEnginePrivateKeyName)))
|
||||
{
|
||||
a->ClientK = OpensslEngineToK(a->OpensslEnginePrivateKeyName, a->OpensslEngineName);
|
||||
}
|
||||
CfgGetStr(f, "OpensslEngineName", a->OpensslEngineName, sizeof(a->OpensslEngineName));
|
||||
break;
|
||||
}
|
||||
|
||||
return a;
|
||||
@ -9810,6 +9851,16 @@ void CiWriteClientAuth(FOLDER *f, CLIENT_AUTH *a)
|
||||
CfgAddStr(f, "SecurePublicCertName", a->SecurePublicCertName);
|
||||
CfgAddStr(f, "SecurePrivateKeyName", a->SecurePrivateKeyName);
|
||||
break;
|
||||
|
||||
case CLIENT_AUTHTYPE_OPENSSLENGINE:
|
||||
if (a->ClientX != NULL) {
|
||||
b = XToBuf(a->ClientX, false);
|
||||
CfgAddByte(f, "ClientCert", b->Buf, b->Size);
|
||||
FreeBuf(b);
|
||||
}
|
||||
CfgAddStr(f, "OpensslEnginePrivateKeyName", a->OpensslEnginePrivateKeyName);
|
||||
CfgAddStr(f, "OpensslEngineName", a->OpensslEngineName);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -1,6 +1,6 @@
|
||||
// SoftEther VPN Source Code - Developer Edition Master Branch
|
||||
// Cedar Communication Module
|
||||
|
||||
// © 2020 Nokia
|
||||
|
||||
// Client.h
|
||||
// Header of Client.c
|
||||
|
@ -1,6 +1,6 @@
|
||||
// SoftEther VPN Source Code - Developer Edition Master Branch
|
||||
// Cedar Communication Module
|
||||
|
||||
// © 2020 Nokia
|
||||
|
||||
// Command.c
|
||||
// vpncmd Command Line Management Utility
|
||||
@ -2948,6 +2948,7 @@ void PcMain(PC *pc)
|
||||
{"AccountStatusShow", PcAccountStatusShow},
|
||||
{"AccountStatusHide", PcAccountStatusHide},
|
||||
{"AccountSecureCertSet", PcAccountSecureCertSet},
|
||||
{"AccountOpensslEngineCertSet", PcAccountOpensslEngineCertSet},
|
||||
{"AccountRetrySet", PcAccountRetrySet},
|
||||
{"AccountStartupSet", PcAccountStartupSet},
|
||||
{"AccountStartupRemove", PcAccountStartupRemove},
|
||||
@ -4721,7 +4722,7 @@ UINT PcAccountCertGet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
|
||||
|
||||
if (ret == ERR_NO_ERROR)
|
||||
{
|
||||
if (t.ClientAuth->AuthType != CLIENT_AUTHTYPE_CERT)
|
||||
if (t.ClientAuth->AuthType != CLIENT_AUTHTYPE_CERT && t.ClientAuth->AuthType != CLIENT_AUTHTYPE_OPENSSLENGINE)
|
||||
{
|
||||
c->Write(c, _UU("CMD_CascadeCertSet_Not_Auth_Cert"));
|
||||
ret = ERR_INTERNAL_ERROR;
|
||||
@ -6420,6 +6421,76 @@ UINT PcAccountSecureCertSet(CONSOLE *c, char *cmd_name, wchar_t *str, void *para
|
||||
return ret;
|
||||
}
|
||||
|
||||
UINT PcAccountOpensslEngineCertSet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
|
||||
{
|
||||
LIST *o;
|
||||
PC *pc = (PC *)param;
|
||||
UINT ret = ERR_NO_ERROR;
|
||||
RPC_CLIENT_GET_ACCOUNT t;
|
||||
// Parameter list that can be specified
|
||||
PARAM args[] =
|
||||
{
|
||||
{"[name]", CmdPrompt, _UU("CMD_AccountCreate_Prompt_Name"), CmdEvalNotEmpty, NULL},
|
||||
{"LOADCERT", CmdPrompt, _UU("CMD_LOADCERTPATH"), CmdEvalIsFile, NULL},
|
||||
{"KEYNAME", CmdPrompt, _UU("CMD_AccountOpensslCertSet_PROMPT_KEYNAME"), CmdEvalNotEmpty, NULL},
|
||||
{"ENGINENAME", CmdPrompt, _UU("CMD_AccountOpensslCertSet_PROMPT_ENGINENAME"), CmdEvalNotEmpty, NULL},
|
||||
};
|
||||
|
||||
// Get the parameter list
|
||||
o = ParseCommandList(c, cmd_name, str, args, sizeof(args) / sizeof(args[0]));
|
||||
if (o == NULL)
|
||||
{
|
||||
return ERR_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
// RPC call
|
||||
Zero(&t, sizeof(t));
|
||||
|
||||
UniStrCpy(t.AccountName, sizeof(t.AccountName), GetParamUniStr(o, "[name]"));
|
||||
|
||||
ret = CcGetAccount(pc->RemoteClient, &t);
|
||||
|
||||
if (ret == ERR_NO_ERROR)
|
||||
{
|
||||
RPC_CLIENT_CREATE_ACCOUNT z;
|
||||
t.ClientAuth->AuthType = CLIENT_AUTHTYPE_OPENSSLENGINE;
|
||||
X *x;
|
||||
x = FileToXW(GetParamUniStr(o, "LOADCERT"));
|
||||
if (x == NULL)
|
||||
{
|
||||
c->Write(c, _UU("CMD_LOADCERT_FAILED"));
|
||||
}
|
||||
StrCpy(t.ClientAuth->OpensslEnginePrivateKeyName, sizeof(t.ClientAuth->OpensslEnginePrivateKeyName),
|
||||
GetParamStr(o, "KEYNAME"));
|
||||
StrCpy(t.ClientAuth->OpensslEngineName, sizeof(t.ClientAuth->OpensslEngineName),
|
||||
GetParamStr(o, "ENGINENAME"));
|
||||
t.ClientAuth->ClientX = CloneX(x);
|
||||
Zero(&z, sizeof(z));
|
||||
z.CheckServerCert = t.CheckServerCert;
|
||||
z.RetryOnServerCert = t.RetryOnServerCert;
|
||||
z.ClientAuth = t.ClientAuth;
|
||||
z.ClientOption = t.ClientOption;
|
||||
z.ServerCert = t.ServerCert;
|
||||
z.StartupAccount = t.StartupAccount;
|
||||
|
||||
ret = CcSetAccount(pc->RemoteClient, &z);
|
||||
}
|
||||
|
||||
if (ret != ERR_NO_ERROR)
|
||||
{
|
||||
// Error has occurred
|
||||
CmdPrintError(c, ret);
|
||||
}
|
||||
|
||||
CiFreeClientGetAccount(&t);
|
||||
|
||||
// Release of the parameter list
|
||||
FreeParamValueList(o);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
// Set the retry interval and number of retries when disconnect or connection failure of connection settings
|
||||
UINT PcAccountRetrySet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
|
||||
{
|
||||
|
@ -1,6 +1,6 @@
|
||||
// SoftEther VPN Source Code - Developer Edition Master Branch
|
||||
// Cedar Communication Module
|
||||
|
||||
// © 2020 Nokia
|
||||
|
||||
// Command.h
|
||||
// Header of Command.c
|
||||
@ -368,6 +368,7 @@ UINT PcAccountNicSet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
|
||||
UINT PcAccountStatusShow(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
|
||||
UINT PcAccountStatusHide(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
|
||||
UINT PcAccountSecureCertSet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
|
||||
UINT PcAccountOpensslEngineCertSet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
|
||||
UINT PcAccountRetrySet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
|
||||
UINT PcAccountStartupSet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
|
||||
UINT PcAccountStartupRemove(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
|
||||
|
@ -1,6 +1,6 @@
|
||||
// SoftEther VPN Source Code - Developer Edition Master Branch
|
||||
// Cedar Communication Module
|
||||
|
||||
// © 2020 Nokia
|
||||
|
||||
// Connection.c
|
||||
// Connection Manager
|
||||
@ -539,6 +539,14 @@ CLIENT_AUTH *CopyClientAuth(CLIENT_AUTH *a)
|
||||
StrCpy(ret->SecurePublicCertName, sizeof(ret->SecurePublicCertName), a->SecurePublicCertName);
|
||||
StrCpy(ret->SecurePrivateKeyName, sizeof(ret->SecurePrivateKeyName), a->SecurePrivateKeyName);
|
||||
break;
|
||||
|
||||
case CLIENT_AUTHTYPE_OPENSSLENGINE:
|
||||
// Secure device authentication
|
||||
ret->ClientX = CloneX(a->ClientX);
|
||||
StrCpy(ret->OpensslEnginePrivateKeyName, sizeof(ret->OpensslEnginePrivateKeyName), a->OpensslEnginePrivateKeyName);
|
||||
StrCpy(ret->OpensslEngineName, sizeof(ret->OpensslEngineName), a->OpensslEngineName);
|
||||
ret->ClientK = OpensslEngineToK(ret->OpensslEnginePrivateKeyName, ret->OpensslEngineName);
|
||||
break;
|
||||
}
|
||||
|
||||
return ret;
|
||||
|
@ -1,6 +1,6 @@
|
||||
// SoftEther VPN Source Code - Developer Edition Master Branch
|
||||
// Cedar Communication Module
|
||||
|
||||
// © 2020 Nokia
|
||||
|
||||
// Connection.h
|
||||
// Header of Connection.c
|
||||
@ -99,6 +99,8 @@ struct CLIENT_AUTH
|
||||
K *ClientK; // Client private key
|
||||
char SecurePublicCertName[MAX_SECURE_DEVICE_FILE_LEN + 1]; // Secure device certificate name
|
||||
char SecurePrivateKeyName[MAX_SECURE_DEVICE_FILE_LEN + 1]; // Secure device secret key name
|
||||
char OpensslEnginePrivateKeyName[MAX_SECURE_DEVICE_FILE_LEN + 1]; // Secure device secret key name
|
||||
char OpensslEngineName[MAX_SECURE_DEVICE_FILE_LEN + 1]; // Secure device secret key name
|
||||
CHECK_CERT_PROC *CheckCertProc; // Server certificate confirmation procedure
|
||||
SECURE_SIGN_PROC *SecureSignProc; // Security signing procedure
|
||||
};
|
||||
|
@ -1,6 +1,6 @@
|
||||
// SoftEther VPN Source Code - Developer Edition Master Branch
|
||||
// Cedar Communication Module
|
||||
|
||||
// © 2020 Nokia
|
||||
|
||||
// Link.c
|
||||
// Inter-HUB Link
|
||||
@ -622,7 +622,7 @@ LINK *NewLink(CEDAR *cedar, HUB *hub, CLIENT_OPTION *option, CLIENT_AUTH *auth,
|
||||
|
||||
// Limitation of authentication method
|
||||
if (auth->AuthType != CLIENT_AUTHTYPE_ANONYMOUS && auth->AuthType != CLIENT_AUTHTYPE_PASSWORD &&
|
||||
auth->AuthType != CLIENT_AUTHTYPE_PLAIN_PASSWORD && auth->AuthType != CLIENT_AUTHTYPE_CERT)
|
||||
auth->AuthType != CLIENT_AUTHTYPE_PLAIN_PASSWORD && auth->AuthType != CLIENT_AUTHTYPE_CERT && auth->AuthType != CLIENT_AUTHTYPE_OPENSSLENGINE)
|
||||
{
|
||||
// Authentication method other than anonymous authentication, password authentication, plain password, certificate authentication cannot be used
|
||||
return NULL;
|
||||
|
@ -1,6 +1,6 @@
|
||||
// SoftEther VPN Source Code - Developer Edition Master Branch
|
||||
// Cedar Communication Module
|
||||
|
||||
// © 2020 Nokia
|
||||
|
||||
// Protocol.c
|
||||
// SoftEther protocol related routines
|
||||
@ -5511,6 +5511,20 @@ bool ClientUploadAuth(CONNECTION *c)
|
||||
}
|
||||
break;
|
||||
|
||||
case CLIENT_AUTHTYPE_OPENSSLENGINE:
|
||||
// Certificate authentication
|
||||
if (a->ClientX != NULL && a->ClientX->is_compatible_bit &&
|
||||
a->ClientX->bits != 0 && (a->ClientX->bits / 8) <= sizeof(sign))
|
||||
{
|
||||
if (RsaSignEx(sign, c->Random, SHA1_SIZE, a->ClientK, a->ClientX->bits))
|
||||
{
|
||||
p = PackLoginWithCert(o->HubName, a->Username, a->ClientX, sign, a->ClientX->bits / 8);
|
||||
c->ClientX = CloneX(a->ClientX);
|
||||
}
|
||||
}
|
||||
break;
|
||||
|
||||
|
||||
case CLIENT_AUTHTYPE_SECURE:
|
||||
// Authentication by secure device
|
||||
if (ClientSecureSign(c, sign, c->Random, &x))
|
||||
|
@ -1,6 +1,6 @@
|
||||
// SoftEther VPN Source Code - Developer Edition Master Branch
|
||||
// Cedar Communication Module
|
||||
|
||||
// © 2020 Nokia
|
||||
|
||||
// Session.c
|
||||
// Session Manager
|
||||
@ -1918,10 +1918,17 @@ SESSION *NewClientSessionEx(CEDAR *cedar, CLIENT_OPTION *option, CLIENT_AUTH *au
|
||||
{
|
||||
s->ClientAuth->ClientX = CloneX(s->ClientAuth->ClientX);
|
||||
}
|
||||
if (s->ClientAuth->ClientK != NULL)
|
||||
{
|
||||
s->ClientAuth->ClientK = CloneK(s->ClientAuth->ClientK);
|
||||
}
|
||||
if (s->ClientAuth->ClientK != NULL)
|
||||
{
|
||||
if (s->ClientAuth->AuthType != CLIENT_AUTHTYPE_OPENSSLENGINE)
|
||||
{
|
||||
s->ClientAuth->ClientK = CloneK(s->ClientAuth->ClientK);
|
||||
}
|
||||
else
|
||||
{
|
||||
s->ClientAuth->ClientK = OpensslEngineToK(s->ClientAuth->OpensslEnginePrivateKeyName, s->ClientAuth->OpensslEngineName);
|
||||
}
|
||||
}
|
||||
|
||||
if (StrCmpi(s->ClientOption->DeviceName, LINK_DEVICE_NAME) == 0)
|
||||
{
|
||||
|
@ -1,6 +1,6 @@
|
||||
// SoftEther VPN Source Code - Developer Edition Master Branch
|
||||
// Mayaqua Kernel
|
||||
|
||||
// © 2020 Nokia
|
||||
|
||||
// Encrypt.c
|
||||
// Encryption and digital certification routine
|
||||
@ -46,6 +46,7 @@
|
||||
#include <intrin.h> // For __cpuid()
|
||||
#else // _MSC_VER
|
||||
|
||||
|
||||
#ifndef SKIP_CPU_FEATURES
|
||||
#include "cpu_features_macros.h"
|
||||
#endif
|
||||
@ -3111,6 +3112,22 @@ bool IsEncryptedK(BUF *b, bool private_key)
|
||||
return true;
|
||||
}
|
||||
|
||||
K *OpensslEngineToK(char *key_file_name, char *engine_name)
|
||||
{
|
||||
K *k;
|
||||
#if OPENSSL_API_COMPAT < 0x10100000L
|
||||
ENGINE_load_dynamic();
|
||||
#endif // OPENSSL_API_COMPAT < 0x10100000L
|
||||
ENGINE *engine = ENGINE_by_id(engine_name);
|
||||
ENGINE_init(engine);
|
||||
EVP_PKEY *pkey;
|
||||
pkey = ENGINE_load_private_key(engine, key_file_name, NULL, NULL);
|
||||
k = ZeroMalloc(sizeof(K));
|
||||
k->pkey = pkey;
|
||||
k->private_key = true;
|
||||
return k;
|
||||
}
|
||||
|
||||
// Convert the BUF to a K
|
||||
K *BufToK(BUF *b, bool private_key, bool text, char *password)
|
||||
{
|
||||
|
@ -1,6 +1,6 @@
|
||||
// SoftEther VPN Source Code - Developer Edition Master Branch
|
||||
// Mayaqua Kernel
|
||||
|
||||
// © 2020 Nokia
|
||||
|
||||
// Encrypt.h
|
||||
// Header of Encrypt.c
|
||||
@ -300,6 +300,7 @@ K *BioToK(BIO *bio, bool private_key, bool text, char *password);
|
||||
int PKeyPasswordCallbackFunction(char *buf, int bufsize, int verify, void *param);
|
||||
void FreePKey(EVP_PKEY *pkey);
|
||||
void FreeK(K *k);
|
||||
K *OpensslEngineToK(char *key_file_name, char *engine_name);
|
||||
K *BufToK(BUF *b, bool private_key, bool text, char *password);
|
||||
bool IsEncryptedK(BUF *b, bool private_key);
|
||||
bool IsBase64(BUF *b);
|
||||
|
@ -400,6 +400,7 @@ PW_TYPE_1 标准密码验证
|
||||
PW_TYPE_2 RADIUS 或 NT 域验证
|
||||
PW_TYPE_3 客户端证书认证
|
||||
PW_TYPE_4 智能卡身份验证
|
||||
PW_TYPE_5 Openssl Engine Authentication
|
||||
|
||||
PW_MSG_PROXY 代理服务器 %S 用户身份验证失败。请重新输入正确的用户名和密码。
|
||||
PW_TYPE_PROXY 代理服务器认证
|
||||
@ -6875,6 +6876,11 @@ CMD_AccountSecureCertSet_PROMPT_CERTNAME 智能卡证书对象名:
|
||||
CMD_AccountSecureCertSet_PROMPT_KEYNAME 智能卡私匙对象名:
|
||||
|
||||
|
||||
# PcAccountOpensslEngineCertSet
|
||||
CMD_AccountOpensslCertSet_PROMPT_KEYNAME Specify the openssl engine specific key name:
|
||||
CMD_AccountOpensslCertSet_PROMPT_ENGINENAME Specify the openssl engine name:
|
||||
|
||||
|
||||
# AccountRetrySet 命令
|
||||
CMD_AccountRetrySet 设置连接设置的连接失败或断开时建立重新连接的次数和间隔
|
||||
CMD_AccountRetrySet_Help 指定注册到 VPN Client 的连接设置,且其连接设置试图连接到 VPN Server 时,还有连接中的与 VPN Server 的通信被断开或连接失败时,指定连接的重试次数和连接重试的间隔。\n而且,如果用户认证类型为 [智能卡认证] 时,不管连接重试次数如何设置,都将不进行连接重试。
|
||||
|
@ -398,6 +398,7 @@ PW_TYPE_1 Standard Password Authentication
|
||||
PW_TYPE_2 RADIUS or NT Domain Authentication
|
||||
PW_TYPE_3 Client Certificate Authentication
|
||||
PW_TYPE_4 Smart Card Authentication
|
||||
PW_TYPE_5 Openssl Engine Authentication
|
||||
|
||||
PW_MSG_PROXY User authentication failed on the proxy server %S. Re-enter the correct user name and password.
|
||||
PW_TYPE_PROXY Proxy Server Authentication
|
||||
@ -6860,6 +6861,11 @@ CMD_AccountSecureCertSet_PROMPT_CERTNAME Name of Certificate Object on Smart Car
|
||||
CMD_AccountSecureCertSet_PROMPT_KEYNAME Name of Private Key Object on Smart Card:
|
||||
|
||||
|
||||
# PcAccountOpensslEngineCertSet
|
||||
CMD_AccountOpensslCertSet_PROMPT_KEYNAME Specify the openssl engine specific key name:
|
||||
CMD_AccountOpensslCertSet_PROMPT_ENGINENAME Specify the openssl engine name:
|
||||
|
||||
|
||||
# AccountRetrySet コマンド
|
||||
CMD_AccountRetrySet Set Interval between Connection Retries for Connection Failures or Disconnections of VPN Connection Setting
|
||||
CMD_AccountRetrySet_Help When a VPN Connection Setting registered on the VPN Client is specified and that VPN Connection Setting attempts to connect to a VPN Server, use this to specify the interval to wait between connection attempts and the limit of how many times to retry connecting when communication with the VPN Server has been disconnected or when the connection process failed. \nIf the user authentication type is Smart Card Authentication, no connection retry will be performed regardless of the Number of Connection Attempts setting.
|
||||
|
@ -400,6 +400,7 @@ PW_TYPE_1 標準パスワード認証
|
||||
PW_TYPE_2 RADIUS または NT ドメイン認証
|
||||
PW_TYPE_3 クライアント証明書認証
|
||||
PW_TYPE_4 スマートカード認証
|
||||
PW_TYPE_5 Openssl Engine Authentication
|
||||
|
||||
PW_MSG_PROXY プロキシサーバー %S でのユーザー認証に失敗しました。正しいユーザー名とパスワードを再入力してください。
|
||||
PW_TYPE_PROXY プロキシサーバー認証
|
||||
@ -6866,6 +6867,11 @@ CMD_AccountSecureCertSet_PROMPT_CERTNAME スマートカード内証明書オブ
|
||||
CMD_AccountSecureCertSet_PROMPT_KEYNAME スマートカード内秘密鍵オブジェクトの名前:
|
||||
|
||||
|
||||
# PcAccountOpensslEngineCertSet
|
||||
CMD_AccountOpensslCertSet_PROMPT_KEYNAME Specify the openssl engine specific key name:
|
||||
CMD_AccountOpensslCertSet_PROMPT_ENGINENAME Specify the openssl engine name:
|
||||
|
||||
|
||||
# AccountRetrySet コマンド
|
||||
CMD_AccountRetrySet 接続設定の接続失敗または切断時の再試行回数と間隔の設定
|
||||
CMD_AccountRetrySet_Help VPN Client に登録されている接続設定を指定し、その接続設定が VPN Server に接続しようとする際、または接続中に VPN Server との通信が切断されたり、接続に失敗したりした場合に、接続を再試行する回数と接続再試行間隔を指定します。\nなお、ユーザー認証の種類が [スマートカード認証] の場合は、接続試行回数の設定にかかわらず、再試行は行いません。
|
||||
|
@ -404,6 +404,7 @@ PW_TYPE_1 표준 암호 인증
|
||||
PW_TYPE_2 RADIUS 또는 NT 도메인 인증
|
||||
PW_TYPE_3 클라이언트 인증서 인증
|
||||
PW_TYPE_4 스마트 카드 인증
|
||||
PW_TYPE_5 Openssl Engine Authentication
|
||||
|
||||
PW_MSG_PROXY 프록시 서버 %S에서의 사용자 인증에 실패했습니다. 올바른 사용자 이름과 암호를 다시 입력하십시오.
|
||||
PW_TYPE_PROXY 프록시 서버 인증
|
||||
@ -6839,6 +6840,11 @@ CMD_AccountSecureCertSet_[name] 설정을 변경하려면 연결 설정의 이
|
||||
CMD_AccountSecureCertSet_CERTNAME 스마트 카드에 저장되어있는 인증서 개체의 이름을 지정합니다.
|
||||
CMD_AccountSecureCertSet_KEYNAME 스마트 카드에 저장되어있는 비밀 열쇠 오브젝트의 이름을 지정합니다./CERTNAME에 지정된 인증서에 대응하고있을 필요가 있습니다.
|
||||
CMD_AccountSecureCertSet_PROMPT_CERTNAME 스마트 카드에서 인증서 개체의 이름:
|
||||
|
||||
|
||||
# PcAccountOpensslEngineCertSet
|
||||
CMD_AccountOpensslCertSet_PROMPT_KEYNAME Specify the openssl engine specific key name:
|
||||
CMD_AccountOpensslCertSet_PROMPT_ENGINENAME Specify the openssl engine name:
|
||||
CMD_AccountSecureCertSet_PROMPT_KEYNAME 스마트 카드의 비밀 열쇠 오브젝트의 이름:
|
||||
|
||||
|
||||
|
@ -415,6 +415,7 @@ PW_TYPE_1 Autenticação de senha padrão
|
||||
PW_TYPE_2 Autenticação de Domínio RADIUS ou NT
|
||||
PW_TYPE_3 Certificado do cliente
|
||||
PW_TYPE_4 Autenticação Smart Card
|
||||
PW_TYPE_5 Openssl Engine Authentication
|
||||
PW_MSG_PROXY User authentication failed on the proxy server %S. Re-enter the correct user name and password.
|
||||
PW_TYPE_PROXY Proxy Server Authentication
|
||||
|
||||
@ -6594,6 +6595,11 @@ CMD_AccountSecureCertSet_PROMPT_CERTNAME Name of Certificate Object on Smart Car
|
||||
CMD_AccountSecureCertSet_PROMPT_KEYNAME Name of Private Key Object on Smart Card:
|
||||
|
||||
|
||||
# PcAccountOpensslEngineCertSet
|
||||
CMD_AccountOpensslCertSet_PROMPT_KEYNAME Specify the openssl engine specific key name:
|
||||
CMD_AccountOpensslCertSet_PROMPT_ENGINENAME Specify the openssl engine name:
|
||||
|
||||
|
||||
# AccountRetrySet コマンド
|
||||
CMD_AccountRetrySet Set Interval between Connection Retries for Connection Failures or Disconnections of VPN Connection Setting
|
||||
CMD_AccountRetrySet_Help When a VPN Connection Setting registered on the VPN Client is specified and that VPN Connection Setting attempts to connect to a VPN Server, use this to specify the interval to wait between connection attempts and the limit of how many times to retry connecting when communication with the VPN Server has been disconnected or when the connection process failed. \nIf the user authentication type is Smart Card Authentication, no connection retry will be performed regardless of the Number of Connection Attempts setting.
|
||||
|
@ -398,6 +398,7 @@ PW_TYPE_1 Standard Password Authentication
|
||||
PW_TYPE_2 RADIUS or NT Domain Authentication
|
||||
PW_TYPE_3 Client Certificate Authentication
|
||||
PW_TYPE_4 Smart Card Authentication
|
||||
PW_TYPE_5 Openssl Engine Authentication
|
||||
|
||||
PW_MSG_PROXY User authentication failed on the proxy server %S. Re-enter the correct user name and password.
|
||||
PW_TYPE_PROXY Proxy Server Authentication
|
||||
@ -6847,6 +6848,11 @@ CMD_AccountSecureCertSet_PROMPT_CERTNAME Name of Certificate Object on Smart Car
|
||||
CMD_AccountSecureCertSet_PROMPT_KEYNAME Name of Private Key Object on Smart Card:
|
||||
|
||||
|
||||
# PcAccountOpensslEngineCertSet
|
||||
CMD_AccountOpensslCertSet_PROMPT_KEYNAME Specify the openssl engine specific key name:
|
||||
CMD_AccountOpensslCertSet_PROMPT_ENGINENAME Specify the openssl engine name:
|
||||
|
||||
|
||||
# AccountRetrySet コマンド
|
||||
CMD_AccountRetrySet Set Interval between Connection Retries for Connection Failures or Disconnections of VPN Connection Setting
|
||||
CMD_AccountRetrySet_Help When a VPN Connection Setting registered on the VPN Client is specified and that VPN Connection Setting attempts to connect to a VPN Server, use this to specify the interval to wait between connection attempts and the limit of how many times to retry connecting when communication with the VPN Server has been disconnected or when the connection process failed. \nIf the user authentication type is Smart Card Authentication, no connection retry will be performed regardless of the Number of Connection Attempts setting.
|
||||
|
@ -404,6 +404,7 @@ PW_TYPE_1 標準密碼驗證
|
||||
PW_TYPE_2 RADIUS 或 NT 域驗證
|
||||
PW_TYPE_3 用戶端證書認證
|
||||
PW_TYPE_4 智慧卡身份驗證
|
||||
PW_TYPE_5 Openssl Engine Authentication
|
||||
|
||||
PW_MSG_PROXY 代理伺服器 %S 使用者身份驗證失敗。請重新輸入正確的用戶名和密碼。
|
||||
PW_TYPE_PROXY 代理伺服器認證
|
||||
@ -6877,6 +6878,11 @@ CMD_AccountSecureCertSet_PROMPT_CERTNAME 智慧卡證書對象名:
|
||||
CMD_AccountSecureCertSet_PROMPT_KEYNAME 智慧卡私匙對象名:
|
||||
|
||||
|
||||
# PcAccountOpensslEngineCertSet
|
||||
CMD_AccountOpensslCertSet_PROMPT_KEYNAME Specify the openssl engine specific key name:
|
||||
CMD_AccountOpensslCertSet_PROMPT_ENGINENAME Specify the openssl engine name:
|
||||
|
||||
|
||||
# AccountRetrySet 命令
|
||||
CMD_AccountRetrySet 設置連接設置的連接失敗或斷開時建立重新連接的次數和間隔
|
||||
CMD_AccountRetrySet_Help 指定註冊到 VPN Client 的連接設置,且其連接設置試圖連接到 VPN Server 時,還有連接中的與 VPN Server 的通信被斷開或連接失敗時,指定連接的重試次數和連接重試的間隔。\n而且,如果用戶認證類型為 [智慧卡認證] 時,不管連接重試次數如何設置,都將不進行連接重試。
|
||||
|
Loading…
Reference in New Issue
Block a user