diff options
| author | Christian Breunig <christian@breunig.cc> | 2024-06-09 14:39:45 +0200 |
|---|---|---|
| committer | Mergify <37929162+mergify[bot]@users.noreply.github.com> | 2024-06-10 08:28:55 +0000 |
| commit | 4485aa56a8bc5e37a1ecc7caaab10eeb354c76ab (patch) | |
| tree | 51091ca54b87ff0161d8f4de74f6b50c394f7202 /python | |
| parent | 2d98f3b17e1146db6362e302d28474fb6f5520e6 (diff) | |
| download | vyos-1x-4485aa56a8bc5e37a1ecc7caaab10eeb354c76ab.tar.gz vyos-1x-4485aa56a8bc5e37a1ecc7caaab10eeb354c76ab.zip | |
op-mode: T6424: ipsec: honor certificate CN and CA chain during profile generation
In e6fe6e50a5c ("op-mode: ipsec: T6407: fix profile generation") we fixed
support for multiple CAs when dealing with the generation of Apple IOS profiles.
This commit extends support to properly include the common name of the server
certificate issuer and all it's paren't CAs. A list of parent CAs is
automatically generated from the "PKI" subsystem content and embedded into the
resulting profile.
(cherry picked from commit d65f43589612c30dfaa5ce30aca5b8b48bf73211)
Diffstat (limited to 'python')
| -rw-r--r-- | python/vyos/template.py | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/python/vyos/template.py b/python/vyos/template.py index cdcbdc6c3..a4fff649c 100644 --- a/python/vyos/template.py +++ b/python/vyos/template.py @@ -523,10 +523,17 @@ def get_esp_ike_cipher(group_config, ike_group=None): return ciphers @register_filter('get_uuid') -def get_uuid(interface): +def get_uuid(seed): """ Get interface IP addresses""" - from uuid import uuid1 - return uuid1() + if seed: + from hashlib import md5 + from uuid import UUID + tmp = md5() + tmp.update(seed.encode('utf-8')) + return str(UUID(tmp.hexdigest())) + else: + from uuid import uuid1 + return uuid1() openvpn_translate = { 'des': 'des-cbc', |