diff options
| author | Christian Breunig <christian@breunig.cc> | 2024-06-09 14:39:45 +0200 |
|---|---|---|
| committer | Christian Breunig <christian@breunig.cc> | 2024-06-09 22:03:50 +0200 |
| commit | d65f43589612c30dfaa5ce30aca5b8b48bf73211 (patch) | |
| tree | 59d6a579730ba21edc84922dd8f92cc124d605ba /python | |
| parent | 395bd4eb850ff5763a82f29b1ff398c41e200f09 (diff) | |
| download | vyos-1x-d65f43589612c30dfaa5ce30aca5b8b48bf73211.tar.gz vyos-1x-d65f43589612c30dfaa5ce30aca5b8b48bf73211.zip | |
op-mode: T6424: ipsec: honor certificate CN and CA chain during profile generation
In e6fe6e50a5c ("op-mode: ipsec: T6407: fix profile generation") we fixed
support for multiple CAs when dealing with the generation of Apple IOS profiles.
This commit extends support to properly include the common name of the server
certificate issuer and all it's paren't CAs. A list of parent CAs is
automatically generated from the "PKI" subsystem content and embedded into the
resulting profile.
Diffstat (limited to 'python')
| -rw-r--r-- | python/vyos/template.py | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/python/vyos/template.py b/python/vyos/template.py index fbc5f1456..e8d7ba669 100644 --- a/python/vyos/template.py +++ b/python/vyos/template.py @@ -525,10 +525,17 @@ def get_esp_ike_cipher(group_config, ike_group=None): return ciphers @register_filter('get_uuid') -def get_uuid(interface): +def get_uuid(seed): """ Get interface IP addresses""" - from uuid import uuid1 - return uuid1() + if seed: + from hashlib import md5 + from uuid import UUID + tmp = md5() + tmp.update(seed.encode('utf-8')) + return str(UUID(tmp.hexdigest())) + else: + from uuid import uuid1 + return uuid1() openvpn_translate = { 'des': 'des-cbc', |