summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorChristian Breunig <christian@breunig.cc>2023-08-31 17:14:53 +0200
committerGitHub <noreply@github.com>2023-08-31 17:14:53 +0200
commitca0cf364f05b391fbe2ebd1e87e2a022d94a2e6d (patch)
tree8452663292e66d52a0411a7ae4f8c9b2c5eaa02e /src
parentaf737cf57e53a08a53ec2037ee476ee9098d8216 (diff)
parent493d060922f638d81dd5d4a81ffdf19e16943e3e (diff)
downloadvyos-1x-ca0cf364f05b391fbe2ebd1e87e2a022d94a2e6d.tar.gz
vyos-1x-ca0cf364f05b391fbe2ebd1e87e2a022d94a2e6d.zip
Merge pull request #2190 from sarthurdev/T4782
eapol: T4782: Support multiple CA chains
Diffstat (limited to 'src')
-rwxr-xr-xsrc/conf_mode/interfaces-ethernet.py13
1 files changed, 7 insertions, 6 deletions
diff --git a/src/conf_mode/interfaces-ethernet.py b/src/conf_mode/interfaces-ethernet.py
index b015bba88..f3e65ad5e 100755
--- a/src/conf_mode/interfaces-ethernet.py
+++ b/src/conf_mode/interfaces-ethernet.py
@@ -186,14 +186,15 @@ def generate(ethernet):
if 'ca_certificate' in ethernet['eapol']:
ca_cert_file_path = os.path.join(cfg_dir, f'{ifname}_ca.pem')
- ca_cert_name = ethernet['eapol']['ca_certificate']
- pki_ca_cert = ethernet['pki']['ca'][ca_cert_name]
+ ca_chains = []
- loaded_ca_cert = load_certificate(pki_ca_cert['certificate'])
- ca_full_chain = find_chain(loaded_ca_cert, loaded_ca_certs)
+ for ca_cert_name in ethernet['eapol']['ca_certificate']:
+ pki_ca_cert = ethernet['pki']['ca'][ca_cert_name]
+ loaded_ca_cert = load_certificate(pki_ca_cert['certificate'])
+ ca_full_chain = find_chain(loaded_ca_cert, loaded_ca_certs)
+ ca_chains.append('\n'.join(encode_certificate(c) for c in ca_full_chain))
- write_file(ca_cert_file_path,
- '\n'.join(encode_certificate(c) for c in ca_full_chain))
+ write_file(ca_cert_file_path, '\n'.join(ca_chains))
return None