From 55ae2ca0b17fa1d4cd19563289466c5e8dbbcf84 Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Thu, 30 May 2024 11:20:56 +0200 Subject: op-mode: ipsec: T6407: fix profile generation Commit 952b1656f51 ("ipsec: T5606: T5871: Use multi node for CA certificates") added support for multiple CA certificates which broke the OP mode command to generate the IPSec profiles as it did not expect a list and was rather working on a string. Now multiple CAs can be rendered into the Apple IOS profile. (cherry picked from commit e6fe6e50a5c817e18c453e7bc42bb2e1c4b17671) --- data/templates/ipsec/ios_profile.j2 | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) (limited to 'data/templates') diff --git a/data/templates/ipsec/ios_profile.j2 b/data/templates/ipsec/ios_profile.j2 index eb74924b8..a9ae1c7a9 100644 --- a/data/templates/ipsec/ios_profile.j2 +++ b/data/templates/ipsec/ios_profile.j2 @@ -83,12 +83,15 @@ +{% if certs is vyos_defined %} +{% for cert in certs %} + PayloadIdentifier - org.example.ca + org.{{ cert.ca_cn | lower | replace(' ', '.') | replace('_', '.') }} PayloadUUID - {{ '' | get_uuid }} + {{ cert.ca_cn | generate_uuid4 }} PayloadType com.apple.security.root PayloadVersion @@ -96,9 +99,11 @@ PayloadContent - {{ ca_cert }} + {{ cert.ca_cert }} +{% endfor %} +{% endif %} -- cgit v1.2.3