author | Christian Poessinger <christian@poessinger.com> | 2020-03-20 23:22:09 +0100 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2020-03-20 23:25:05 +0100 |
commit | 95c42faa4436c5dd761049a8a6e75996c815cc2c (patch) | |
tree | c7c2218544515896cfa8bd3c35cbf58dd3d54eb1 | |
parent | 86860b51ad0f3f6148b00804860aee2d55414274 (diff) | |
download | vyos-1x-95c42faa4436c5dd761049a8a6e75996c815cc2c.tar.gz vyos-1x-95c42faa4436c5dd761049a8a6e75996c815cc2c.zip |
sstp: T2008: migrate SSL certificate nodes
-rw-r--r-- | interface-definitions/vpn-sstp.xml.in | 55 | ||||
-rwxr-xr-x | src/conf_mode/vpn_sstp.py | 14 | ||||
-rwxr-xr-x | src/migration-scripts/sstp/0-to-1 | 17 |
3 files changed, 48 insertions, 38 deletions
diff --git a/interface-definitions/vpn-sstp.xml.in b/interface-definitions/vpn-sstp.xml.in
index cf864b069..59aae9f7f 100644
--- a/interface-definitions/vpn-sstp.xml.in
+++ b/interface-definitions/vpn-sstp.xml.in
@@ -252,42 +252,35 @@
 </node>
 </children>
 </node>
- <node name="sstp-settings">
+ <node name="ssl">
 <properties>
- <help>SSTP settings</help>
+ <help>SSL Certificate, SSL Key and CA (/config/user-data/sstp)</help>
 </properties>
 <children>
- <node name="ssl-certs">
+ <leafNode name="ca-cert-file">
 <properties>
- <help>SSL Certificate, SSL Key and CA (/config/user-data/sstp)</help>
+ <help>Certificate Authority certificate</help>
+ <completionHelp>
+ <script>if [ -e /config/user-data/sstp ]; then ls /config/user-data/sstp; fi</script>
+ </completionHelp>
 </properties>
- <children>
- <leafNode name="ca">
- <properties>
- <help>Certificate Authority certificate</help>
- <completionHelp>
- <script>if [ -e /config/user-data/sstp ]; then ls /config/user-data/sstp; fi</script>
- </completionHelp>
- </properties>
- </leafNode>
- <leafNode name="server-cert">
- <properties>
- <help>Server Certificate</help>
- <completionHelp>
- <script>if [ -e /config/user-data/sstp ]; then ls /config/user-data/sstp; fi</script>
- </completionHelp>
- </properties>
- </leafNode>
- <leafNode name="server-key">
- <properties>
- <help>Privat Key of the Server Certificate</help>
- <completionHelp>
- <script>if [ -e /config/user-data/sstp ]; then ls /config/user-data/sstp; fi</script>
- </completionHelp>
- </properties>
- </leafNode>
- </children>
- </node>
+ </leafNode>
+ <leafNode name="cert-file">
+ <properties>
+ <help>Server Certificate</help>
+ <completionHelp>
+ <script>if [ -e /config/user-data/sstp ]; then ls /config/user-data/sstp; fi</script>
+ </completionHelp>
+ </properties>
+ </leafNode>
+ <leafNode name="key-file">
+ <properties>
+ <help>Privat Key of the Server Certificate</help>
+ <completionHelp>
+ <script>if [ -e /config/user-data/sstp ]; then ls /config/user-data/sstp; fi</script>
+ </completionHelp>
+ </properties>
+ </leafNode>
 </children>
 </node>
 <node name="network-settings">
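Review bot: The new leaf nodes `ca-cert-file`, `cert-file` and `key-file` carry only a `<completionHelp>` script, so nothing in this definition limits the value to a file under /config/user-data/sstp; completion is a hint to the operator, not a check. If the values are meant to be names inside that directory, a `<constraint>` on each leaf would reject other paths when the value is set. The get_config() hunk in src/conf_mode/vpn_sstp.py stores the values as given, and any later check would sit in code outside these hunks. The help text for `key-file` also keeps the typo `Privat Key`; `<help>Private key of the server certificate</help>` reads correctly.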
diff --git a/src/conf_mode/vpn_sstp.py b/src/conf_mode/vpn_sstp.py index 09de7d112..a2e7c9327 100755 --- a/src/conf_mode/vpn_sstp.py +++ b/src/conf_mode/vpn_sstp.py @@ -373,15 +373,15 @@ def get_config(): # # read in SSL certs - conf.set_level(base_path + ['sstp-settings', 'ssl-certs']) - if conf.exists(['ca']): - sstp['ssl_ca'] = conf.return_value(['ca']) + conf.set_level(base_path + ['ssl']) + if conf.exists(['ca-cert-file']): + sstp['ssl_ca'] = conf.return_value(['ca-cert-file']) - if conf.exists(['server-cert']): - sstp['ssl_cert'] = conf.return_value(['server-cert']) + if conf.exists(['cert-file']): + sstp['ssl_cert'] = conf.return_value(['cert-file']) - if conf.exists(['server-key']): - sstp['ssl_key'] = conf.return_value(['server-key']) + if conf.exists(['key-file']): + sstp['ssl_key'] = conf.return_value(['key-file']) # diff --git a/src/migration-scripts/sstp/0-to-1 b/src/migration-scripts/sstp/0-to-1 index 2edf76a56..1d1bea51f 100755 --- a/src/migration-scripts/sstp/0-to-1 +++ b/src/migration-scripts/sstp/0-to-1 @@ -21,6 +21,7 @@ # - authentication radius-server x.x.x.x to authentication radius server x.x.x.x # - authentication radius-settings to authentication radius # - do not migrate radius server req-limit, use default of unlimited +# - migrate SSL certificate path import os import sys @@ -105,6 +106,22 @@ else: config.set_tag(new_base + ['authentication', 'radius', 'server']) config.delete(radius_server) + # migrate SSL certificates + old_ssl = new_base + ['sstp-settings', 'ssl-certs'] + new_ssl = new_base + ['ssl'] + config.copy(old_ssl, new_ssl) + config.delete(old_ssl) + + if config.exists(new_ssl + ['ca']): + config.rename(new_ssl + ['ca'], 'ca-cert-file') + + if config.exists(new_ssl + ['server-cert']): + config.rename(new_ssl + ['server-cert'], 'cert-file') + + if config.exists(new_ssl + ['server-key']): + config.rename(new_ssl + ['server-key'], 'key-file') + + try: with open(file_name, 'w') as f: f.write(config.to_string()) |
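Review bot: `config.copy(old_ssl, new_ssl)` and `config.delete(old_ssl)` in the second hunk of src/migration-scripts/sstp/0-to-1 run unconditionally, so a configuration without an `sstp-settings ssl-certs` node depends on how copy() treats a missing source path; if it raises, the migration aborts before the file is written. Guarding the block with `if config.exists(old_ssl):` avoids that. The delete also removes only `ssl-certs`, which appears to leave an empty `sstp-settings` node that the new interface definition no longer declares; `config.delete(new_base + ['sstp-settings'])` would remove the parent, unless code outside the hunk already does. The enclosing `else:` branch starts above the hunk.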