diff options
| author | sarthurdev <965089+sarthurdev@users.noreply.github.com> | 2023-08-31 00:11:59 +0200 |
|---|---|---|
| committer | sarthurdev <965089+sarthurdev@users.noreply.github.com> | 2023-08-31 00:16:03 +0200 |
| commit | 493d060922f638d81dd5d4a81ffdf19e16943e3e (patch) | |
| tree | 33b866c4c3e6ded5d040fc6bca21c6670fb6213e /python | |
| parent | d3edda22573fb9c9d1c469f14f5a3eec9ca512a5 (diff) | |
| download | vyos-1x-493d060922f638d81dd5d4a81ffdf19e16943e3e.tar.gz vyos-1x-493d060922f638d81dd5d4a81ffdf19e16943e3e.zip | |
eapol: T4782: Support multiple CA chains
Diffstat (limited to 'python')
| -rw-r--r-- | python/vyos/configverify.py | 13 |
1 files changed, 6 insertions, 7 deletions
diff --git a/python/vyos/configverify.py b/python/vyos/configverify.py index 5b94bd98b..52f9238b8 100644 --- a/python/vyos/configverify.py +++ b/python/vyos/configverify.py @@ -187,15 +187,14 @@ def verify_eapol(config): if 'ca' not in config['pki']: raise ConfigError('Invalid CA certificate specified for EAPoL') - ca_cert_name = config['eapol']['ca_certificate'] + for ca_cert_name in config['eapol']['ca_certificate']: + if ca_cert_name not in config['pki']['ca']: + raise ConfigError('Invalid CA certificate specified for EAPoL') - if ca_cert_name not in config['pki']['ca']: - raise ConfigError('Invalid CA certificate specified for EAPoL') - - ca_cert = config['pki']['ca'][ca_cert_name] + ca_cert = config['pki']['ca'][ca_cert_name] - if 'certificate' not in ca_cert: - raise ConfigError('Invalid CA certificate specified for EAPoL') + if 'certificate' not in ca_cert: + raise ConfigError('Invalid CA certificate specified for EAPoL') def verify_mirror_redirect(config): """ |