summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Breunig <christian@breunig.cc>2024-06-09 14:54:32 +0200
committerChristian Breunig <christian@breunig.cc>2024-06-09 22:03:50 +0200
commit4e51569013b3f78abea9c18e5a6ecb9ff5ae4687 (patch)
tree3fe7f46061031554039b722c63e86487e46e9cfe
parentd65f43589612c30dfaa5ce30aca5b8b48bf73211 (diff)
downloadvyos-1x-4e51569013b3f78abea9c18e5a6ecb9ff5ae4687.tar.gz
vyos-1x-4e51569013b3f78abea9c18e5a6ecb9ff5ae4687.zip
op-mode: T6424: ipsec: filter out duplicate CA certificates in Apple IOS profile
-rwxr-xr-xsrc/op_mode/ikev2_profile_generator.py4
1 files changed, 4 insertions, 0 deletions
diff --git a/src/op_mode/ikev2_profile_generator.py b/src/op_mode/ikev2_profile_generator.py
index b55fdeab2..169a15840 100755
--- a/src/op_mode/ikev2_profile_generator.py
+++ b/src/op_mode/ikev2_profile_generator.py
@@ -168,6 +168,10 @@ for ca_name in data['authentication']['x509']['ca_certificate']:
}
data['ca_certificates'].append(tmp)
+# Remove duplicate list entries for CA certificates, as they are added by their common name
+# https://stackoverflow.com/a/9427216
+data['ca_certificates'] = [dict(t) for t in {tuple(d.items()) for d in data['ca_certificates']}]
+
esp_proposals = conf.get_config_dict(ipsec_base + ['esp-group', data['esp_group'], 'proposal'],
key_mangling=('-', '_'), get_first_key=True)
ike_proposal = conf.get_config_dict(ipsec_base + ['ike-group', data['ike_group'], 'proposal'],