summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Breunig <christian@breunig.cc>2024-05-29 22:51:00 +0200
committerMergify <37929162+mergify[bot]@users.noreply.github.com>2024-05-30 11:48:12 +0000
commitaa3970cd922e8ff18e5b2500905ba0ce2cb14ed4 (patch)
treebbeeaffab3dd5c7872745c98302a95e26216f000
parent8754f486acf64b1b1bfa3901f36229b713d4d573 (diff)
downloadvyos-1x-aa3970cd922e8ff18e5b2500905ba0ce2cb14ed4.tar.gz
vyos-1x-aa3970cd922e8ff18e5b2500905ba0ce2cb14ed4.zip
reverse-proxy: T5231: remove frontend ca-certificate code path
The code path to handle the ca certificate used for the frontend service is removed, as there is no way on the XLI to define the CA certificate used for the frontend service. (cherry picked from commit 6000c47f068503522b0ccfe57c51f34ad9892e87)
-rwxr-xr-xsrc/conf_mode/load-balancing_reverse-proxy.py33
1 files changed, 13 insertions, 20 deletions
diff --git a/src/conf_mode/load-balancing_reverse-proxy.py b/src/conf_mode/load-balancing_reverse-proxy.py
index b6db110ae..16dcba852 100755
--- a/src/conf_mode/load-balancing_reverse-proxy.py
+++ b/src/conf_mode/load-balancing_reverse-proxy.py
@@ -126,30 +126,23 @@ def generate(lb):
# SSL Certificates for frontend
for front, front_config in lb['service'].items():
- if 'ssl' in front_config:
+ if 'ssl' not in front_config:
+ continue
- if 'certificate' in front_config['ssl']:
- cert_names = front_config['ssl']['certificate']
+ if 'certificate' in front_config['ssl']:
+ cert_names = front_config['ssl']['certificate']
- for cert_name in cert_names:
- pki_cert = lb['pki']['certificate'][cert_name]
- cert_file_path = os.path.join(load_balancing_dir, f'{cert_name}.pem')
- cert_key_path = os.path.join(load_balancing_dir, f'{cert_name}.pem.key')
+ for cert_name in cert_names:
+ pki_cert = lb['pki']['certificate'][cert_name]
+ cert_file_path = os.path.join(load_balancing_dir, f'{cert_name}.pem')
+ cert_key_path = os.path.join(load_balancing_dir, f'{cert_name}.pem.key')
- with open(cert_file_path, 'w') as f:
- f.write(wrap_certificate(pki_cert['certificate']))
+ with open(cert_file_path, 'w') as f:
+ f.write(wrap_certificate(pki_cert['certificate']))
- if 'private' in pki_cert and 'key' in pki_cert['private']:
- with open(cert_key_path, 'w') as f:
- f.write(wrap_private_key(pki_cert['private']['key']))
-
- if 'ca_certificate' in front_config['ssl']:
- ca_name = front_config['ssl']['ca_certificate']
- pki_ca_cert = lb['pki']['ca'][ca_name]
- ca_cert_file_path = os.path.join(load_balancing_dir, f'{ca_name}.pem')
-
- with open(ca_cert_file_path, 'w') as f:
- f.write(wrap_certificate(pki_ca_cert['certificate']))
+ if 'private' in pki_cert and 'key' in pki_cert['private']:
+ with open(cert_key_path, 'w') as f:
+ f.write(wrap_private_key(pki_cert['private']['key']))
# SSL Certificates for backend
for back, back_config in lb['backend'].items():