summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Breunig <christian@breunig.cc>2024-05-29 22:51:00 +0200
committerChristian Breunig <christian@breunig.cc>2024-05-29 23:26:24 +0200
commit6000c47f068503522b0ccfe57c51f34ad9892e87 (patch)
treea62ccfe21d8aec2c339c6de982b4682fb3030202
parenta2f0b25452c67528077f343d75de09d038e97fee (diff)
downloadvyos-1x-6000c47f068503522b0ccfe57c51f34ad9892e87.tar.gz
vyos-1x-6000c47f068503522b0ccfe57c51f34ad9892e87.zip
reverse-proxy: T5231: remove frontend ca-certificate code path
The code path to handle the ca certificate used for the frontend service is removed, as there is no way on the XLI to define the CA certificate used for the frontend service.
-rwxr-xr-xsrc/conf_mode/load-balancing_reverse-proxy.py33
1 files changed, 13 insertions, 20 deletions
diff --git a/src/conf_mode/load-balancing_reverse-proxy.py b/src/conf_mode/load-balancing_reverse-proxy.py
index b6db110ae..16dcba852 100755
--- a/src/conf_mode/load-balancing_reverse-proxy.py
+++ b/src/conf_mode/load-balancing_reverse-proxy.py
@@ -126,30 +126,23 @@ def generate(lb):
# SSL Certificates for frontend
for front, front_config in lb['service'].items():
- if 'ssl' in front_config:
+ if 'ssl' not in front_config:
+ continue
- if 'certificate' in front_config['ssl']:
- cert_names = front_config['ssl']['certificate']
+ if 'certificate' in front_config['ssl']:
+ cert_names = front_config['ssl']['certificate']
- for cert_name in cert_names:
- pki_cert = lb['pki']['certificate'][cert_name]
- cert_file_path = os.path.join(load_balancing_dir, f'{cert_name}.pem')
- cert_key_path = os.path.join(load_balancing_dir, f'{cert_name}.pem.key')
+ for cert_name in cert_names:
+ pki_cert = lb['pki']['certificate'][cert_name]
+ cert_file_path = os.path.join(load_balancing_dir, f'{cert_name}.pem')
+ cert_key_path = os.path.join(load_balancing_dir, f'{cert_name}.pem.key')
- with open(cert_file_path, 'w') as f:
- f.write(wrap_certificate(pki_cert['certificate']))
+ with open(cert_file_path, 'w') as f:
+ f.write(wrap_certificate(pki_cert['certificate']))
- if 'private' in pki_cert and 'key' in pki_cert['private']:
- with open(cert_key_path, 'w') as f:
- f.write(wrap_private_key(pki_cert['private']['key']))
-
- if 'ca_certificate' in front_config['ssl']:
- ca_name = front_config['ssl']['ca_certificate']
- pki_ca_cert = lb['pki']['ca'][ca_name]
- ca_cert_file_path = os.path.join(load_balancing_dir, f'{ca_name}.pem')
-
- with open(ca_cert_file_path, 'w') as f:
- f.write(wrap_certificate(pki_ca_cert['certificate']))
+ if 'private' in pki_cert and 'key' in pki_cert['private']:
+ with open(cert_key_path, 'w') as f:
+ f.write(wrap_private_key(pki_cert['private']['key']))
# SSL Certificates for backend
for back, back_config in lb['backend'].items():