diff options
| author | Christian Poessinger <christian@poessinger.com> | 2021-10-29 22:14:48 +0200 |
|---|---|---|
| committer | Christian Poessinger <christian@poessinger.com> | 2021-10-29 22:15:19 +0200 |
| commit | 0852c588d5557052af442cb1a3887f94046fa0f4 (patch) | |
| tree | e1a0c94c8e58980168f29ae70bbc223e44b5c49d /src | |
| parent | be63194790559cca79bf1575094b4607b0500a0f (diff) | |
| download | vyos-1x-0852c588d5557052af442cb1a3887f94046fa0f4.tar.gz vyos-1x-0852c588d5557052af442cb1a3887f94046fa0f4.zip | |
https: pki: T3642: embed CA certificate into chain if specified
Diffstat (limited to 'src')
| -rwxr-xr-x | src/conf_mode/https.py | 16 |
1 files changed, 10 insertions, 6 deletions
diff --git a/src/conf_mode/https.py b/src/conf_mode/https.py index be4380462..92dc4a410 100755 --- a/src/conf_mode/https.py +++ b/src/conf_mode/https.py @@ -28,6 +28,7 @@ from vyos.pki import wrap_certificate from vyos.pki import wrap_private_key from vyos.template import render from vyos.util import call +from vyos.util import write_file from vyos import airbag airbag.enable() @@ -139,15 +140,18 @@ def generate(https): cert_path = os.path.join(cert_dir, f'{cert_name}.pem') key_path = os.path.join(key_dir, f'{cert_name}.pem') - with open(cert_path, 'w') as f: - f.write(wrap_certificate(pki_cert['certificate'])) + server_cert = str(wrap_certificate(pki_cert['certificate'])) + if 'ca-certificate' in cert_dict: + ca_cert = cert_dict['ca-certificate'] + print(ca_cert) + server_cert += '\n' + str(wrap_certificate(https['pki']['ca'][ca_cert]['certificate'])) - with open(key_path, 'w') as f: - f.write(wrap_private_key(pki_cert['private']['key'])) + write_file(cert_path, server_cert) + write_file(key_path, wrap_private_key(pki_cert['private']['key'])) vyos_cert_data = { - "crt": cert_path, - "key": key_path + 'crt': cert_path, + 'key': key_path } for block in server_block_list: |