diff options
author | Christian Breunig <christian@breunig.cc> | 2024-05-30 11:20:56 +0200 |
---|---|---|
committer | Christian Breunig <christian@breunig.cc> | 2024-05-30 11:20:56 +0200 |
commit | e6fe6e50a5c817e18c453e7bc42bb2e1c4b17671 (patch) | |
tree | e46c2b6cb8a3218d3b8145f1c370a09dffc4392a /data | |
parent | b7595ee9d328778105c70e3d4399ac45f555b304 (diff) | |
download | vyos-1x-e6fe6e50a5c817e18c453e7bc42bb2e1c4b17671.tar.gz vyos-1x-e6fe6e50a5c817e18c453e7bc42bb2e1c4b17671.zip |
op-mode: ipsec: T6407: fix profile generation
Commit 952b1656f51 ("ipsec: T5606: T5871: Use multi node for CA certificates")
added support for multiple CA certificates which broke the OP mode command
to generate the IPSec profiles as it did not expect a list and was rather
working on a string.
Now multiple CAs can be rendered into the Apple IOS profile.
Diffstat (limited to 'data')
-rw-r--r-- | data/templates/ipsec/ios_profile.j2 | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/data/templates/ipsec/ios_profile.j2 b/data/templates/ipsec/ios_profile.j2 index eb74924b8..a9ae1c7a9 100644 --- a/data/templates/ipsec/ios_profile.j2 +++ b/data/templates/ipsec/ios_profile.j2 @@ -83,12 +83,15 @@ </dict> </dict> </dict> +{% if certs is vyos_defined %} <!-- This payload is optional but it provides an easy way to install the CA certificate together with the configuration --> +{% for cert in certs %} + <!-- Payload for: {{ cert.ca_cn }} --> <dict> <key>PayloadIdentifier</key> - <string>org.example.ca</string> + <string>org.{{ cert.ca_cn | lower | replace(' ', '.') | replace('_', '.') }}</string> <key>PayloadUUID</key> - <string>{{ '' | get_uuid }}</string> + <string>{{ cert.ca_cn | generate_uuid4 }}</string> <key>PayloadType</key> <string>com.apple.security.root</string> <key>PayloadVersion</key> @@ -96,9 +99,11 @@ <!-- This is the Base64 (PEM) encoded CA certificate --> <key>PayloadContent</key> <data> - {{ ca_cert }} + {{ cert.ca_cert }} </data> </dict> +{% endfor %} +{% endif %} </array> </dict> </plist> |