op-mode: T6424: ipsec: filter out duplicate CA certificates in Apple IOS profile

(cherry picked from commit 4e51569013b3f78abea9c18e5a6ecb9ff5ae4687)
author: Christian Breunig <christian@breunig.cc> 2024-06-09 14:54:32 +0200
committer: Mergify <37929162+mergify[bot]@users.noreply.github.com> 2024-06-10 08:28:55 +0000
commit: 92bea910f6ff89c57bff382d7dc44c9118dbdce1 (patch)
tree: b20ccbdd1b53f0fd0b36a6885c685ca71e167b87 /src
parent: 4485aa56a8bc5e37a1ecc7caaab10eeb354c76ab (diff)
download: vyos-1x-92bea910f6ff89c57bff382d7dc44c9118dbdce1.tar.gz
vyos-1x-92bea910f6ff89c57bff382d7dc44c9118dbdce1.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/src/op_mode/ikev2_profile_generator.py b/src/op_mode/ikev2_profile_generator.py
index b55fdeab2..169a15840 100755
--- a/src/op_mode/ikev2_profile_generator.py
+++ b/src/op_mode/ikev2_profile_generator.py
@@ -168,6 +168,10 @@ for ca_name in data['authentication']['x509']['ca_certificate']:
         }
         data['ca_certificates'].append(tmp)
 
+# Remove duplicate list entries for CA certificates, as they are added by their common name
+# https://stackoverflow.com/a/9427216
+data['ca_certificates'] = [dict(t) for t in {tuple(d.items()) for d in data['ca_certificates']}]
+
 esp_proposals = conf.get_config_dict(ipsec_base + ['esp-group', data['esp_group'], 'proposal'],
                                      key_mangling=('-', '_'), get_first_key=True)
 ike_proposal = conf.get_config_dict(ipsec_base + ['ike-group', data['ike_group'], 'proposal'],
author	Christian Breunig <christian@breunig.cc>	2024-06-09 14:54:32 +0200
committer	Mergify <37929162+mergify[bot]@users.noreply.github.com>	2024-06-10 08:28:55 +0000
commit	92bea910f6ff89c57bff382d7dc44c9118dbdce1 (patch)
tree	b20ccbdd1b53f0fd0b36a6885c685ca71e167b87 /src
parent	4485aa56a8bc5e37a1ecc7caaab10eeb354c76ab (diff)
download	vyos-1x-92bea910f6ff89c57bff382d7dc44c9118dbdce1.tar.gz vyos-1x-92bea910f6ff89c57bff382d7dc44c9118dbdce1.zip