From d565d4baffb930462f1a913d6f8a80111958a6f8 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Thu, 1 Jul 2021 20:48:25 +0200 Subject: ipsec: T3643: bugfix on wrong destination file path for x509 key file Commit a6b526fd982 ("ipsec: T3643: us vyos.util.copy_file() over raw UNIX cp command") used a new helper to copy the x509 certificate files, but it also added a bug where the certificate key file was copied to the wrong location. This has been fixed and the corect path is used again. --- src/conf_mode/vpn_ipsec.py | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/src/conf_mode/vpn_ipsec.py b/src/conf_mode/vpn_ipsec.py index 83c99798c..a141fdddf 100755 --- a/src/conf_mode/vpn_ipsec.py +++ b/src/conf_mode/vpn_ipsec.py @@ -342,17 +342,18 @@ def generate(ipsec): continue if peer_conf['authentication']['mode'] == 'x509': - cert_file = os.path.join(X509_PATH, peer_conf['authentication']['x509']['cert_file']) + cert_file = os.path.join(X509_PATH, dict_search('authentication.x509.cert_file', peer_conf)) copy_file(cert_file, CERT_PATH, True) - key_file = os.path.join(X509_PATH, peer_conf['authentication']['x509']['key']['file']) - copy_file(key_file, X509_PATH, True) + key_file = os.path.join(X509_PATH, dict_search('authentication.x509.key.file', peer_conf)) + copy_file(key_file, KEY_PATH, True) - ca_cert_file = os.path.join(X509_PATH, peer_conf['authentication']['x509']['ca_cert_file']) + ca_cert_file = os.path.join(X509_PATH, dict_search('authentication.x509.ca_cert_file', peer_conf)) copy_file(ca_cert_file, CA_PATH, True) - if 'crl_file' in peer_conf['authentication']['x509']: - crl_file = os.path.join(X509_PATH, peer_conf['authentication']['x509']['crl_file']) + crl = dict_search('authentication.x509.crl_file', peer_conf) + if crl: + crl_file = os.path.join(X509_PATH, crl) copy_file(crl_file, CRL_PATH, True) local_ip = '' -- cgit v1.2.3