From 0852c588d5557052af442cb1a3887f94046fa0f4 Mon Sep 17 00:00:00 2001
From: Christian Poessinger
Date: Fri, 29 Oct 2021 22:14:48 +0200
Subject: https: pki: T3642: embed CA certificate into chain if specified
---
 interface-definitions/https.xml.in | 1 +
 src/conf_mode/https.py | 16 ++++++++++------
 2 files changed, 11 insertions(+), 6 deletions(-)
diff --git a/interface-definitions/https.xml.in b/interface-definitions/https.xml.in
index bb6f71744..f60df7c34 100644
--- a/interface-definitions/https.xml.in
+++ b/interface-definitions/https.xml.in
@@ -121,6 +121,7 @@ TLS certificates + #include #include
diff --git a/src/conf_mode/https.py b/src/conf_mode/https.py
index be4380462..92dc4a410 100755
--- a/src/conf_mode/https.py
+++ b/src/conf_mode/https.py
@@ -28,6 +28,7 @@ from vyos.pki import wrap_certificate
 from vyos.pki import wrap_private_key
 from vyos.template import render
 from vyos.util import call
+from vyos.util import write_file
 from vyos import airbag
 airbag.enable()
@@ -139,15 +140,18 @@ def generate(https):
 cert_path = os.path.join(cert_dir, f'{cert_name}.pem')
 key_path = os.path.join(key_dir, f'{cert_name}.pem')
- with open(cert_path, 'w') as f:
- f.write(wrap_certificate(pki_cert['certificate']))
+ server_cert = str(wrap_certificate(pki_cert['certificate']))
+ if 'ca-certificate' in cert_dict:
+ ca_cert = cert_dict['ca-certificate']
+ print(ca_cert)
+ server_cert += '\n' + str(wrap_certificate(https['pki']['ca'][ca_cert]['certificate']))
- with open(key_path, 'w') as f:
- f.write(wrap_private_key(pki_cert['private']['key']))
+ write_file(cert_path, server_cert)
+ write_file(key_path, wrap_private_key(pki_cert['private']['key']))
 vyos_cert_data = {
- "crt": cert_path,
- "key": key_path
+ 'crt': cert_path,
+ 'key': key_path
 }
 for block in server_block_list:
-- 
cgit v1.2.3
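Review bot: The added `print(ca_cert)` in the second `https.py` hunk looks like leftover debugging and would presumably write the CA name to the terminal whenever this config script runs; it should be dropped. The lookup `https['pki']['ca'][ca_cert]['certificate']` on the following line assumes the referenced CA exists in the PKI tree and carries a certificate, so unless `verify()` (not visible here) already rejects a dangling `ca-certificate` reference, a missing entry surfaces as a bare `KeyError` during `generate()` instead of a clear configuration error. Separately, `write_file(key_path, ...)` writes the private key without setting any file mode in this hunk, as the replaced `open()` call also did; it is worth confirming that the key file or its directory is readable only by the web server's user. The body of `generate()` starts and ends outside the hunk.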