author | sarthurdev <965089+sarthurdev@users.noreply.github.com> | 2023-08-31 00:11:59 +0200 |
---|---|---|
committer | sarthurdev <965089+sarthurdev@users.noreply.github.com> | 2023-08-31 00:16:03 +0200 |
commit | 493d060922f638d81dd5d4a81ffdf19e16943e3e (patch) | |
tree | 33b866c4c3e6ded5d040fc6bca21c6670fb6213e /src | |
parent | d3edda22573fb9c9d1c469f14f5a3eec9ca512a5 (diff) | |
eapol: T4782: Support multiple CA chains
Diffstat (limited to 'src')
-rwxr-xr-x | src/conf_mode/interfaces-ethernet.py | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/src/conf_mode/interfaces-ethernet.py b/src/conf_mode/interfaces-ethernet.py
index b015bba88..f3e65ad5e 100755
--- a/src/conf_mode/interfaces-ethernet.py
+++ b/src/conf_mode/interfaces-ethernet.py
@@ -186,14 +186,15 @@ def generate(ethernet):
 if 'ca_certificate' in ethernet['eapol']:
 ca_cert_file_path = os.path.join(cfg_dir, f'{ifname}_ca.pem')
- ca_cert_name = ethernet['eapol']['ca_certificate']
- pki_ca_cert = ethernet['pki']['ca'][ca_cert_name]
+ ca_chains = []
- loaded_ca_cert = load_certificate(pki_ca_cert['certificate'])
- ca_full_chain = find_chain(loaded_ca_cert, loaded_ca_certs)
+ for ca_cert_name in ethernet['eapol']['ca_certificate']:
+ pki_ca_cert = ethernet['pki']['ca'][ca_cert_name]
+ loaded_ca_cert = load_certificate(pki_ca_cert['certificate'])
+ ca_full_chain = find_chain(loaded_ca_cert, loaded_ca_certs)
+ ca_chains.append('\n'.join(encode_certificate(c) for c in ca_full_chain))
- write_file(ca_cert_file_path,
- '\n'.join(encode_certificate(c) for c in ca_full_chain))
+ write_file(ca_cert_file_path, '\n'.join(ca_chains))
 return None |
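Review bot: The new loop `for ca_cert_name in ethernet['eapol']['ca_certificate']:` assumes the value is always a list; if a single configured CA still reaches generate() as a plain string, the loop walks it character by character and `ethernet['pki']['ca'][ca_cert_name]` fails with a KeyError. The diffstat is limited to src, so whether the node definition and verify() were changed to match cannot be seen here; normalising before the loop removes the dependency, e.g. `ca_names = ethernet['eapol']['ca_certificate']` followed by `if isinstance(ca_names, str): ca_names = [ca_names]`. The `{ifname}_ca.pem` file is presumably what the supplicant uses to validate the authentication server, so every name added here widens what the interface will trust; a comment above `ca_chains = []` such as `# each chain appended here is trusted for EAPOL server validation` would make that explicit. Chains that share an issuer in `loaded_ca_certs` will also be written more than once, which looks harmless but could be de-duplicated before `write_file`. generate() starts and ends outside the hunk.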