summaryrefslogtreecommitdiff
path: root/data
diff options
context:
space:
mode:
authorChristian Breunig <christian@breunig.cc>2024-05-30 11:20:56 +0200
committerChristian Breunig <christian@breunig.cc>2024-05-30 11:20:56 +0200
commite6fe6e50a5c817e18c453e7bc42bb2e1c4b17671 (patch)
treee46c2b6cb8a3218d3b8145f1c370a09dffc4392a /data
parentb7595ee9d328778105c70e3d4399ac45f555b304 (diff)
downloadvyos-1x-e6fe6e50a5c817e18c453e7bc42bb2e1c4b17671.tar.gz
vyos-1x-e6fe6e50a5c817e18c453e7bc42bb2e1c4b17671.zip
op-mode: ipsec: T6407: fix profile generation
Commit 952b1656f51 ("ipsec: T5606: T5871: Use multi node for CA certificates") added support for multiple CA certificates which broke the OP mode command to generate the IPSec profiles as it did not expect a list and was rather working on a string. Now multiple CAs can be rendered into the Apple IOS profile.
Diffstat (limited to 'data')
-rw-r--r--data/templates/ipsec/ios_profile.j211
1 files changed, 8 insertions, 3 deletions
diff --git a/data/templates/ipsec/ios_profile.j2 b/data/templates/ipsec/ios_profile.j2
index eb74924b8..a9ae1c7a9 100644
--- a/data/templates/ipsec/ios_profile.j2
+++ b/data/templates/ipsec/ios_profile.j2
@@ -83,12 +83,15 @@
</dict>
</dict>
</dict>
+{% if certs is vyos_defined %}
<!-- This payload is optional but it provides an easy way to install the CA certificate together with the configuration -->
+{% for cert in certs %}
+ <!-- Payload for: {{ cert.ca_cn }} -->
<dict>
<key>PayloadIdentifier</key>
- <string>org.example.ca</string>
+ <string>org.{{ cert.ca_cn | lower | replace(' ', '.') | replace('_', '.') }}</string>
<key>PayloadUUID</key>
- <string>{{ '' | get_uuid }}</string>
+ <string>{{ cert.ca_cn | generate_uuid4 }}</string>
<key>PayloadType</key>
<string>com.apple.security.root</string>
<key>PayloadVersion</key>
@@ -96,9 +99,11 @@
<!-- This is the Base64 (PEM) encoded CA certificate -->
<key>PayloadContent</key>
<data>
- {{ ca_cert }}
+ {{ cert.ca_cert }}
</data>
</dict>
+{% endfor %}
+{% endif %}
</array>
</dict>
</plist>