From 493d060922f638d81dd5d4a81ffdf19e16943e3e Mon Sep 17 00:00:00 2001
From: sarthurdev <965089+sarthurdev@users.noreply.github.com>
Date: Thu, 31 Aug 2023 00:11:59 +0200
Subject: eapol: T4782: Support multiple CA chains

---
 python/vyos/configverify.py | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

(limited to 'python')

diff --git a/python/vyos/configverify.py b/python/vyos/configverify.py
index 5b94bd98b..52f9238b8 100644
--- a/python/vyos/configverify.py
+++ b/python/vyos/configverify.py
@@ -187,15 +187,14 @@ def verify_eapol(config):
             if 'ca' not in config['pki']:
                 raise ConfigError('Invalid CA certificate specified for EAPoL')
 
-            ca_cert_name = config['eapol']['ca_certificate']
+            for ca_cert_name in config['eapol']['ca_certificate']:
+                if ca_cert_name not in config['pki']['ca']:
+                    raise ConfigError('Invalid CA certificate specified for EAPoL')
 
-            if ca_cert_name not in config['pki']['ca']:
-                raise ConfigError('Invalid CA certificate specified for EAPoL')
-
-            ca_cert = config['pki']['ca'][ca_cert_name]
+                ca_cert = config['pki']['ca'][ca_cert_name]
 
-            if 'certificate' not in ca_cert:
-                raise ConfigError('Invalid CA certificate specified for EAPoL')
+                if 'certificate' not in ca_cert:
+                    raise ConfigError('Invalid CA certificate specified for EAPoL')
 
 def verify_mirror_redirect(config):
     """
-- 
cgit v1.2.3