author | Christian Breunig <christian@breunig.cc> | 2023-08-31 17:14:53 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-08-31 17:14:53 +0200 |
commit | ca0cf364f05b391fbe2ebd1e87e2a022d94a2e6d (patch) | |
tree | 8452663292e66d52a0411a7ae4f8c9b2c5eaa02e /src | |
parent | af737cf57e53a08a53ec2037ee476ee9098d8216 (diff) | |
parent | 493d060922f638d81dd5d4a81ffdf19e16943e3e (diff) | |
Merge pull request #2190 from sarthurdev/T4782
eapol: T4782: Support multiple CA chains
Diffstat (limited to 'src')
-rwxr-xr-x | src/conf_mode/interfaces-ethernet.py | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/src/conf_mode/interfaces-ethernet.py b/src/conf_mode/interfaces-ethernet.py
index b015bba88..f3e65ad5e 100755
--- a/src/conf_mode/interfaces-ethernet.py
+++ b/src/conf_mode/interfaces-ethernet.py
@@ -186,14 +186,15 @@ def generate(ethernet):
 if 'ca_certificate' in ethernet['eapol']:
 ca_cert_file_path = os.path.join(cfg_dir, f'{ifname}_ca.pem')
- ca_cert_name = ethernet['eapol']['ca_certificate']
- pki_ca_cert = ethernet['pki']['ca'][ca_cert_name]
+ ca_chains = []
- loaded_ca_cert = load_certificate(pki_ca_cert['certificate'])
- ca_full_chain = find_chain(loaded_ca_cert, loaded_ca_certs)
+ for ca_cert_name in ethernet['eapol']['ca_certificate']:
+ pki_ca_cert = ethernet['pki']['ca'][ca_cert_name]
+ loaded_ca_cert = load_certificate(pki_ca_cert['certificate'])
+ ca_full_chain = find_chain(loaded_ca_cert, loaded_ca_certs)
+ ca_chains.append('\n'.join(encode_certificate(c) for c in ca_full_chain))
- write_file(ca_cert_file_path,
- '\n'.join(encode_certificate(c) for c in ca_full_chain))
+ write_file(ca_cert_file_path, '\n'.join(ca_chains))
 return None |
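Review bot: The merged `{ifname}_ca.pem` is built by plain concatenation, so when two configured CAs share an intermediate or root the same PEM block is written once per chain. Presumably this file is the trust bundle the EAPOL supplicant uses to validate the authentication server, so it should stay minimal and easy to audit. Collecting the encoded certificates in an insertion-ordered dict would remove the duplicates without changing the output format: `ca_chains = {}` before the loop and `ca_chains.update(dict.fromkeys(encode_certificate(c) for c in ca_full_chain))` inside it, with the `write_file` line unchanged. A comment at the loop such as `# every certificate written here becomes a trusted issuer for the 802.1X server certificate` would make that widening of trust explicit. The loop also assumes `ethernet['eapol']['ca_certificate']` is always a list; the schema change is not visible in this diff, so it is worth confirming that a single configured CA does not arrive as a plain string, which would be iterated character by character and fail the `ethernet['pki']['ca'][ca_cert_name]` lookup. `generate()` starts and ends outside the hunk.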