From fc6926fdf32a7bdf9f943c7818ee6ea4a8131fba Mon Sep 17 00:00:00 2001
From: Christian Breunig <christian@breunig.cc>
Date: Mon, 8 Jan 2024 20:42:17 +0100
Subject: pki: T5911: fix service update algorithm if certificate name contains
 a hyphen (-)

When testing for changed PKI certificates using node_changed(), we should not
use key_mangling=('-', '_'), as this will make certificate updates with a hypen
not possible.
---
 src/conf_mode/pki.py | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

(limited to 'src')

diff --git a/src/conf_mode/pki.py b/src/conf_mode/pki.py
index 239e44c3b..4be40e99e 100755
--- a/src/conf_mode/pki.py
+++ b/src/conf_mode/pki.py
@@ -130,28 +130,27 @@ def get_config(config=None):
     if len(argv) > 1 and argv[1] == 'certbot_renew':
         pki['certbot_renew'] = {}
 
-    tmp = node_changed(conf, base + ['ca'], key_mangling=('-', '_'), recursive=True)
+    tmp = node_changed(conf, base + ['ca'], recursive=True)
     if tmp:
         if 'changed' not in pki: pki.update({'changed':{}})
         pki['changed'].update({'ca' : tmp})
 
-    tmp = node_changed(conf, base + ['certificate'], key_mangling=('-', '_'), recursive=True)
+    tmp = node_changed(conf, base + ['certificate'], recursive=True)
     if tmp:
         if 'changed' not in pki: pki.update({'changed':{}})
         pki['changed'].update({'certificate' : tmp})
 
-    tmp = node_changed(conf, base + ['dh'], key_mangling=('-', '_'), recursive=True)
+    tmp = node_changed(conf, base + ['dh'], recursive=True)
     if tmp:
         if 'changed' not in pki: pki.update({'changed':{}})
         pki['changed'].update({'dh' : tmp})
 
-    tmp = node_changed(conf, base + ['key-pair'], key_mangling=('-', '_'), recursive=True)
+    tmp = node_changed(conf, base + ['key-pair'], recursive=True)
     if tmp:
         if 'changed' not in pki: pki.update({'changed':{}})
         pki['changed'].update({'key_pair' : tmp})
 
-    tmp = node_changed(conf, base + ['openvpn', 'shared-secret'], key_mangling=('-', '_'),
-                       recursive=True)
+    tmp = node_changed(conf, base + ['openvpn', 'shared-secret'], recursive=True)
     if tmp:
         if 'changed' not in pki: pki.update({'changed':{}})
         pki['changed'].update({'openvpn' : tmp})
-- 
cgit v1.2.3