authorChristian Poessinger <christian@poessinger.com>2020-03-20 23:22:09 +0100
committerChristian Poessinger <christian@poessinger.com>2020-03-20 23:25:05 +0100
commit95c42faa4436c5dd761049a8a6e75996c815cc2c (patch)
treec7c2218544515896cfa8bd3c35cbf58dd3d54eb1
parent86860b51ad0f3f6148b00804860aee2d55414274 (diff)
sstp: T2008: migrate SSL certificate nodes
-rw-r--r--interface-definitions/vpn-sstp.xml.in55
-rwxr-xr-xsrc/conf_mode/vpn_sstp.py14
-rwxr-xr-xsrc/migration-scripts/sstp/0-to-117
3 files changed, 48 insertions, 38 deletions
diff --git a/interface-definitions/vpn-sstp.xml.in b/interface-definitions/vpn-sstp.xml.in
index cf864b069..59aae9f7f 100644
--- a/interface-definitions/vpn-sstp.xml.in
+++ b/interface-definitions/vpn-sstp.xml.in
@@ -252,42 +252,35 @@
</node>
</children>
</node>
- <node name="sstp-settings">
+ <node name="ssl">
<properties>
- <help>SSTP settings</help>
+ <help>SSL Certificate, SSL Key and CA (/config/user-data/sstp)</help>
</properties>
<children>
- <node name="ssl-certs">
+ <leafNode name="ca-cert-file">
<properties>
- <help>SSL Certificate, SSL Key and CA (/config/user-data/sstp)</help>
+ <help>Certificate Authority certificate</help>
+ <completionHelp>
+ <script>if [ -e /config/user-data/sstp ]; then ls /config/user-data/sstp; fi</script>
+ </completionHelp>
</properties>
- <children>
- <leafNode name="ca">
- <properties>
- <help>Certificate Authority certificate</help>
- <completionHelp>
- <script>if [ -e /config/user-data/sstp ]; then ls /config/user-data/sstp; fi</script>
- </completionHelp>
- </properties>
- </leafNode>
- <leafNode name="server-cert">
- <properties>
- <help>Server Certificate</help>
- <completionHelp>
- <script>if [ -e /config/user-data/sstp ]; then ls /config/user-data/sstp; fi</script>
- </completionHelp>
- </properties>
- </leafNode>
- <leafNode name="server-key">
- <properties>
- <help>Privat Key of the Server Certificate</help>
- <completionHelp>
- <script>if [ -e /config/user-data/sstp ]; then ls /config/user-data/sstp; fi</script>
- </completionHelp>
- </properties>
- </leafNode>
- </children>
- </node>
+ </leafNode>
+ <leafNode name="cert-file">
+ <properties>
+ <help>Server Certificate</help>
+ <completionHelp>
+ <script>if [ -e /config/user-data/sstp ]; then ls /config/user-data/sstp; fi</script>
+ </completionHelp>
+ </properties>
+ </leafNode>
+ <leafNode name="key-file">
+ <properties>
+ <help>Privat Key of the Server Certificate</help>
+ <completionHelp>
+ <script>if [ -e /config/user-data/sstp ]; then ls /config/user-data/sstp; fi</script>
+ </completionHelp>
+ </properties>
+ </leafNode>
</children>
</node>
<node name="network-settings">
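Review bot: The new `ca-cert-file`, `cert-file` and `key-file` leaf nodes carry no `<constraint>`, so the completion script only suggests names from /config/user-data/sstp while any string is accepted as the value. Because these values name the server's private key and certificates, consider a constraint, or a check in the conf-mode script, that confines them to files in that directory; whether such a check already exists elsewhere is not visible in this hunk. The help text of `key-file` also carries over the old typo and should read `<help>Private Key of the Server Certificate</help>`.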
diff --git a/src/conf_mode/vpn_sstp.py b/src/conf_mode/vpn_sstp.py
index 09de7d112..a2e7c9327 100755
--- a/src/conf_mode/vpn_sstp.py
+++ b/src/conf_mode/vpn_sstp.py
@@ -373,15 +373,15 @@ def get_config():
#
# read in SSL certs
- conf.set_level(base_path + ['sstp-settings', 'ssl-certs'])
- if conf.exists(['ca']):
- sstp['ssl_ca'] = conf.return_value(['ca'])
+ conf.set_level(base_path + ['ssl'])
+ if conf.exists(['ca-cert-file']):
+ sstp['ssl_ca'] = conf.return_value(['ca-cert-file'])
- if conf.exists(['server-cert']):
- sstp['ssl_cert'] = conf.return_value(['server-cert'])
+ if conf.exists(['cert-file']):
+ sstp['ssl_cert'] = conf.return_value(['cert-file'])
- if conf.exists(['server-key']):
- sstp['ssl_key'] = conf.return_value(['server-key'])
+ if conf.exists(['key-file']):
+ sstp['ssl_key'] = conf.return_value(['key-file'])
#
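Review bot: After this change the reader looks only at `ssl ca-cert-file`, `ssl cert-file` and `ssl key-file`, so a configuration that still holds `sstp-settings ssl-certs` leaves `ssl_ca`, `ssl_cert` and `ssl_key` unset, and nothing in this hunk reports it. That case looks reachable because the rename is added to the existing 0-to-1 migration script rather than to a new step: a system that had already run an earlier 0-to-1 would presumably not be migrated again. If version 1 of the SSTP syntax was ever shipped, a separate migration step would be the safer route. A short comment above the block, such as `# node names must match interface-definitions/vpn-sstp.xml.in and the sstp migration script`, would also help; get_config() starts and ends outside the hunk.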
diff --git a/src/migration-scripts/sstp/0-to-1 b/src/migration-scripts/sstp/0-to-1
index 2edf76a56..1d1bea51f 100755
--- a/src/migration-scripts/sstp/0-to-1
+++ b/src/migration-scripts/sstp/0-to-1
@@ -21,6 +21,7 @@
# - authentication radius-server x.x.x.x to authentication radius server x.x.x.x
# - authentication radius-settings to authentication radius
# - do not migrate radius server req-limit, use default of unlimited
+# - migrate SSL certificate path
import os
import sys
@@ -105,6 +106,22 @@ else:
config.set_tag(new_base + ['authentication', 'radius', 'server'])
config.delete(radius_server)
+ # migrate SSL certificates
+ old_ssl = new_base + ['sstp-settings', 'ssl-certs']
+ new_ssl = new_base + ['ssl']
+ config.copy(old_ssl, new_ssl)
+ config.delete(old_ssl)
+
+ if config.exists(new_ssl + ['ca']):
+ config.rename(new_ssl + ['ca'], 'ca-cert-file')
+
+ if config.exists(new_ssl + ['server-cert']):
+ config.rename(new_ssl + ['server-cert'], 'cert-file')
+
+ if config.exists(new_ssl + ['server-key']):
+ config.rename(new_ssl + ['server-key'], 'key-file')
+
+
try:
with open(file_name, 'w') as f:
f.write(config.to_string())
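Review bot: `config.copy(old_ssl, new_ssl)` runs unconditionally, while the three renames below it are each guarded by `config.exists`; an SSTP configuration with no `sstp-settings ssl-certs` node would probably make the copy fail and abort the migration. Guarding the copy and delete with `if config.exists(old_ssl):` would match the style of the renames. In addition, `config.delete(old_ssl)` removes only `ssl-certs`, so the parent `sstp-settings` node, which the interface definition no longer declares, may be left behind unless the delete prunes empty parents; deleting `new_base + ['sstp-settings']` instead would avoid that. The page has lost indentation, so whether these lines sit inside the `else:` branch named in the hunk header cannot be confirmed here.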