summaryrefslogtreecommitdiff
path: root/src/conf_mode/interfaces-ethernet.py
diff options
context:
space:
mode:
authorgoodNETnick <33053932+goodNETnick@users.noreply.github.com>2022-03-31 13:48:47 +1000
committerGitHub <noreply@github.com>2022-03-31 13:48:47 +1000
commitaa5b35b68c1170bfd0b9661bafa72bb10fe6ca95 (patch)
tree46f3ffc41c29666c3251f25f2f93cb1f1b9a6c60 /src/conf_mode/interfaces-ethernet.py
parentb776003cf55e1035ac83186e44f72764e52e9e0d (diff)
parentbafb1973d906707cb571385e994a949d0d90b645 (diff)
downloadvyos-1x-aa5b35b68c1170bfd0b9661bafa72bb10fe6ca95.tar.gz
vyos-1x-aa5b35b68c1170bfd0b9661bafa72bb10fe6ca95.zip
Merge branch 'vyos:current' into ocserv_local_otp
Diffstat (limited to 'src/conf_mode/interfaces-ethernet.py')
-rwxr-xr-xsrc/conf_mode/interfaces-ethernet.py22
1 files changed, 18 insertions, 4 deletions
diff --git a/src/conf_mode/interfaces-ethernet.py b/src/conf_mode/interfaces-ethernet.py
index e7250fb49..3eeddf190 100755
--- a/src/conf_mode/interfaces-ethernet.py
+++ b/src/conf_mode/interfaces-ethernet.py
@@ -28,11 +28,14 @@ from vyos.configverify import verify_interface_exists
from vyos.configverify import verify_mirror
from vyos.configverify import verify_mtu
from vyos.configverify import verify_mtu_ipv6
+from vyos.configverify import verify_redirect
from vyos.configverify import verify_vlan_config
from vyos.configverify import verify_vrf
from vyos.ethtool import Ethtool
from vyos.ifconfig import EthernetIf
-from vyos.pki import wrap_certificate
+from vyos.pki import find_chain
+from vyos.pki import encode_certificate
+from vyos.pki import load_certificate
from vyos.pki import wrap_private_key
from vyos.template import render
from vyos.util import call
@@ -82,6 +85,7 @@ def verify(ethernet):
verify_vrf(ethernet)
verify_eapol(ethernet)
verify_mirror(ethernet)
+ verify_redirect(ethernet)
ethtool = Ethtool(ifname)
# No need to check speed and duplex keys as both have default values.
@@ -159,16 +163,26 @@ def generate(ethernet):
cert_name = ethernet['eapol']['certificate']
pki_cert = ethernet['pki']['certificate'][cert_name]
- write_file(cert_file_path, wrap_certificate(pki_cert['certificate']))
+ loaded_pki_cert = load_certificate(pki_cert['certificate'])
+ loaded_ca_certs = {load_certificate(c['certificate'])
+ for c in ethernet['pki']['ca'].values()}
+
+ cert_full_chain = find_chain(loaded_pki_cert, loaded_ca_certs)
+
+ write_file(cert_file_path,
+ '\n'.join(encode_certificate(c) for c in cert_full_chain))
write_file(cert_key_path, wrap_private_key(pki_cert['private']['key']))
if 'ca_certificate' in ethernet['eapol']:
ca_cert_file_path = os.path.join(cfg_dir, f'{ifname}_ca.pem')
ca_cert_name = ethernet['eapol']['ca_certificate']
- pki_ca_cert = ethernet['pki']['ca'][cert_name]
+ pki_ca_cert = ethernet['pki']['ca'][ca_cert_name]
+
+ loaded_ca_cert = load_certificate(pki_ca_cert['certificate'])
+ ca_full_chain = find_chain(loaded_ca_cert, loaded_ca_certs)
write_file(ca_cert_file_path,
- wrap_certificate(pki_ca_cert['certificate']))
+ '\n'.join(encode_certificate(c) for c in ca_full_chain))
else:
# delete configuration on interface removal
if os.path.isfile(wpa_suppl_conf.format(**ethernet)):