authorChristian Poessinger <christian@poessinger.com>2021-07-01 20:48:25 +0200
committerChristian Poessinger <christian@poessinger.com>2021-07-01 20:48:25 +0200
commitd565d4baffb930462f1a913d6f8a80111958a6f8 (patch)
tree5c30d2ec491cf5ca2266b87c4ac54842a1b1c009 /src/conf_mode/vpn_ipsec.py
parent63e6c00864a8a4134c9bd3187d2422a6511c84b0 (diff)
ipsec: T3643: bugfix on wrong destination file path for x509 key file
Commit a6b526fd982 ("ipsec: T3643: us vyos.util.copy_file() over raw UNIX cp command") used a new helper to copy the x509 certificate files, but it also added a bug where the certificate key file was copied to the wrong location. This has been fixed and the correct path is used again.
Diffstat (limited to 'src/conf_mode/vpn_ipsec.py')
-rwxr-xr-xsrc/conf_mode/vpn_ipsec.py13
1 files changed, 7 insertions, 6 deletions
diff --git a/src/conf_mode/vpn_ipsec.py b/src/conf_mode/vpn_ipsec.py
index 83c99798c..a141fdddf 100755
--- a/src/conf_mode/vpn_ipsec.py
+++ b/src/conf_mode/vpn_ipsec.py
@@ -342,17 +342,18 @@ def generate(ipsec):
continue
if peer_conf['authentication']['mode'] == 'x509':
- cert_file = os.path.join(X509_PATH, peer_conf['authentication']['x509']['cert_file'])
+ cert_file = os.path.join(X509_PATH, dict_search('authentication.x509.cert_file', peer_conf))
copy_file(cert_file, CERT_PATH, True)
- key_file = os.path.join(X509_PATH, peer_conf['authentication']['x509']['key']['file'])
- copy_file(key_file, X509_PATH, True)
+ key_file = os.path.join(X509_PATH, dict_search('authentication.x509.key.file', peer_conf))
+ copy_file(key_file, KEY_PATH, True)
- ca_cert_file = os.path.join(X509_PATH, peer_conf['authentication']['x509']['ca_cert_file'])
+ ca_cert_file = os.path.join(X509_PATH, dict_search('authentication.x509.ca_cert_file', peer_conf))
copy_file(ca_cert_file, CA_PATH, True)
- if 'crl_file' in peer_conf['authentication']['x509']:
- crl_file = os.path.join(X509_PATH, peer_conf['authentication']['x509']['crl_file'])
+ crl = dict_search('authentication.x509.crl_file', peer_conf)
+ if crl:
+ crl_file = os.path.join(X509_PATH, crl)
copy_file(crl_file, CRL_PATH, True)
local_ip = ''
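Review bot: The private key copied by `copy_file(key_file, KEY_PATH, True)` lands in KEY_PATH with whatever mode the copy helper leaves on it, and nothing in this hunk restricts it; `copy_file` is defined outside the page, so whether it preserves or resets permissions should be confirmed. If it does not tighten them, a follow-up such as `os.chmod(<copied key path>, 0o600)` directly after the copy would keep the key readable by its owner only. Separately, all four `os.path.join(X509_PATH, ...)` calls take the file name straight from the configuration, and `os.path.join` discards X509_PATH when the second argument is absolute, so a check that the value is a bare file name (`os.path.basename(name) == name`) would keep the source inside X509_PATH. The enclosing `generate()` starts and ends outside the hunk.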