diff options
author | Christian Breunig <christian@breunig.cc> | 2023-12-20 07:42:48 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-12-20 07:42:48 +0100 |
commit | 316a930b8c54155a45e92796ad2ab69283aa1eb0 (patch) | |
tree | 85320c45ac82f7065e3e1648bd9cb2dd97c9c28b /src/conf_mode | |
parent | 01fd13f8e15f5309cd93d03db8603cd10d9785d8 (diff) | |
parent | a3e059e7e8d340f6f5e623bbc17acf18cb296626 (diff) | |
download | vyos-1x-316a930b8c54155a45e92796ad2ab69283aa1eb0.tar.gz vyos-1x-316a930b8c54155a45e92796ad2ab69283aa1eb0.zip |
Merge pull request #2660 from vyos/mergify/bp/sagitta/pr-2590
T5798: load-balancing revese-proxy add multiple SSL certificates (backport #2590)
Diffstat (limited to 'src/conf_mode')
-rwxr-xr-x | src/conf_mode/load-balancing-haproxy.py | 20 |
1 files changed, 11 insertions, 9 deletions
diff --git a/src/conf_mode/load-balancing-haproxy.py b/src/conf_mode/load-balancing-haproxy.py index ec4311bb5..333ebc66c 100755 --- a/src/conf_mode/load-balancing-haproxy.py +++ b/src/conf_mode/load-balancing-haproxy.py @@ -108,17 +108,19 @@ def generate(lb): if 'ssl' in front_config: if 'certificate' in front_config['ssl']: - cert_name = front_config['ssl']['certificate'] - pki_cert = lb['pki']['certificate'][cert_name] - cert_file_path = os.path.join(load_balancing_dir, f'{cert_name}.pem') - cert_key_path = os.path.join(load_balancing_dir, f'{cert_name}.pem.key') + cert_names = front_config['ssl']['certificate'] - with open(cert_file_path, 'w') as f: - f.write(wrap_certificate(pki_cert['certificate'])) + for cert_name in cert_names: + pki_cert = lb['pki']['certificate'][cert_name] + cert_file_path = os.path.join(load_balancing_dir, f'{cert_name}.pem') + cert_key_path = os.path.join(load_balancing_dir, f'{cert_name}.pem.key') - if 'private' in pki_cert and 'key' in pki_cert['private']: - with open(cert_key_path, 'w') as f: - f.write(wrap_private_key(pki_cert['private']['key'])) + with open(cert_file_path, 'w') as f: + f.write(wrap_certificate(pki_cert['certificate'])) + + if 'private' in pki_cert and 'key' in pki_cert['private']: + with open(cert_key_path, 'w') as f: + f.write(wrap_private_key(pki_cert['private']['key'])) if 'ca_certificate' in front_config['ssl']: ca_name = front_config['ssl']['ca_certificate'] |