diff options
| author | Daniil Baturin <daniil@vyos.io> | 2024-06-17 17:37:50 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-06-17 17:37:50 +0200 |
| commit | 290b51bf7edf390a619c47c326f58c15d1240974 (patch) | |
| tree | f7354b3c13bd6a06132c48b2a4d9c725b5138432 | |
| parent | 444728ba6256fa7d39bedf9c4be83c098a9cc1ae (diff) | |
| parent | d2cf8eeee9053d04f34c5e8a22373290d078ab37 (diff) | |
| download | vyos-1x-290b51bf7edf390a619c47c326f58c15d1240974.tar.gz vyos-1x-290b51bf7edf390a619c47c326f58c15d1240974.zip | |
Merge pull request #3655 from talmakion/bugfix/T4026
pki: T4026: Only emit private keys when available
| -rwxr-xr-x | src/op_mode/pki.py | 22 |
1 files changed, 16 insertions, 6 deletions
diff --git a/src/op_mode/pki.py b/src/op_mode/pki.py index 361b60e0e..9ce166c7d 100755 --- a/src/op_mode/pki.py +++ b/src/op_mode/pki.py @@ -426,11 +426,15 @@ def generate_ca_certificate_sign(name, ca_name, install=False, file=False): return None cert = generate_certificate(cert_req, ca_cert, ca_private_key, is_ca=True, is_sub_ca=True) - passphrase = ask_passphrase() + + passphrase = None + if private_key is not None: + passphrase = ask_passphrase() if not install and not file: print(encode_certificate(cert)) - print(encode_private_key(private_key, passphrase=passphrase)) + if private_key is not None: + print(encode_private_key(private_key, passphrase=passphrase)) return None if install: @@ -438,7 +442,8 @@ def generate_ca_certificate_sign(name, ca_name, install=False, file=False): if file: write_file(f'{name}.pem', encode_certificate(cert)) - write_file(f'{name}.key', encode_private_key(private_key, passphrase=passphrase)) + if private_key is not None: + write_file(f'{name}.key', encode_private_key(private_key, passphrase=passphrase)) def generate_certificate_sign(name, ca_name, install=False, file=False): ca_dict = get_config_ca_certificate(ca_name) @@ -492,11 +497,15 @@ def generate_certificate_sign(name, ca_name, install=False, file=False): return None cert = generate_certificate(cert_req, ca_cert, ca_private_key, is_ca=False) - passphrase = ask_passphrase() + + passphrase = None + if private_key is not None: + passphrase = ask_passphrase() if not install and not file: print(encode_certificate(cert)) - print(encode_private_key(private_key, passphrase=passphrase)) + if private_key is not None: + print(encode_private_key(private_key, passphrase=passphrase)) return None if install: @@ -504,7 +513,8 @@ def generate_certificate_sign(name, ca_name, install=False, file=False): if file: write_file(f'{name}.pem', encode_certificate(cert)) - write_file(f'{name}.key', encode_private_key(private_key, passphrase=passphrase)) + if private_key is not None: + write_file(f'{name}.key', encode_private_key(private_key, passphrase=passphrase)) def generate_certificate_selfsign(name, install=False, file=False): private_key, key_type = generate_private_key() |