summaryrefslogtreecommitdiff
path: root/src/op_mode/ikev2_profile_generator.py
AgeCommit message (Collapse)Author
2024-06-14op-mode: T6407: "generate pki" missed to mangle in ACME certificates when ↵Christian Breunig
required If the requested certificate to generate an Apple IOS profile was based on an ACME certificate, we also need to mangle in the ACME certs content to retrieve the certificates issuer name. (cherry picked from commit 1bc67d498c4d71da78aa46d1d2f9fe9752f59860)
2024-06-10op-mode: T6424: ipsec: filter out duplicate CA certificates in Apple IOS profileChristian Breunig
(cherry picked from commit 4e51569013b3f78abea9c18e5a6ecb9ff5ae4687)
2024-06-10op-mode: T6424: ipsec: honor certificate CN and CA chain during profile ↵Christian Breunig
generation In e6fe6e50a5c ("op-mode: ipsec: T6407: fix profile generation") we fixed support for multiple CAs when dealing with the generation of Apple IOS profiles. This commit extends support to properly include the common name of the server certificate issuer and all it's paren't CAs. A list of parent CAs is automatically generated from the "PKI" subsystem content and embedded into the resulting profile. (cherry picked from commit d65f43589612c30dfaa5ce30aca5b8b48bf73211)
2024-05-30op-mode: ipsec: T6407: fix profile generationChristian Breunig
Commit 952b1656f51 ("ipsec: T5606: T5871: Use multi node for CA certificates") added support for multiple CA certificates which broke the OP mode command to generate the IPSec profiles as it did not expect a list and was rather working on a string. Now multiple CAs can be rendered into the Apple IOS profile. (cherry picked from commit e6fe6e50a5c817e18c453e7bc42bb2e1c4b17671)
2024-04-03T6199: drop unused Python importsChristian Breunig
found using "git ls-files *.py | xargs pylint | grep W0611" (cherry picked from commit 274b2da242acd1f1f64ff1dee471e34295137c5f)
2023-07-14T5195: vyos.util -> vyos.utils package refactoring (#2093)Christian Breunig
* T5195: move run, cmd, call, rc_cmd helper to vyos.utils.process * T5195: use read_file and write_file implementation from vyos.utils.file Changed code automatically using: find . -type f -not -path '*/\.*' -exec sed -i 's/^from vyos.util import read_file$/from vyos.utils.file import read_file/g' {} + find . -type f -not -path '*/\.*' -exec sed -i 's/^from vyos.util import write_file$/from vyos.utils.file import write_file/g' {} + * T5195: move chmod* helpers to vyos.utils.permission * T5195: use colon_separated_to_dict from vyos.utils.dict * T5195: move is_systemd_service_* to vyos.utils.process * T5195: fix boot issues with missing imports * T5195: move dict_search_* helpers to vyos.utils.dict * T5195: move network helpers to vyos.utils.network * T5195: move commit_* helpers to vyos.utils.commit * T5195: move user I/O helpers to vyos.utils.io
2022-10-01T4722: consistently use the "IPsec" spelling for IPsecDaniil Baturin
2022-05-01ipsec: T4353: fix Jinja2 linting errorsChristian Poessinger
2021-08-23ipsec: T1210: use ConfigTreeQuery() instead of Config() from op-modeChristian Poessinger
2021-07-29ipsec: T1210: add op-mode command to print Windows connection profileChristian Poessinger
2021-07-26ipsec: T1210: extend support for iOS profile generationChristian Poessinger
$ generate ipsec mac-ios-profile <connection> remote <ip>
2021-07-20ipsec: T1210: add op-mode command for macOS and iOS profile generationChristian Poessinger
generate ipsec mac-ios-profile <connection> remote <ip|fqdn> will generate a matching IPSec profile which can be loaded on an iOS device.
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-12 04:42:33 +0000