I recently tried to use pyFG's FortiConfig on a stock 100D (5.4.x firmware) FortiGate config, and found that it would truncate multi-line configurations, such as the certificate lines (which meant the resulting configs would not apply back cleanly).
From the original config:
config vpn certificate local
edit "Fortinet_CA_SSLProxy"
set certificate "-----BEGIN CERTIFICATE-----
MIID3jCCAsagAwIBAgIILmc2LyCLCs4wDQYJKoZIhvcNAQEFBQAwgaUxCzAJBgNV
...
OaKXO5cGgRFs5sSQMWunVOlATHhkMe+UQeZstT78oP4s6A==
-----END CERTIFICATE-----"
next
end
Which after adding to a FortiConfig and calling to_text() produced:
config vpn certificate local
edit Fortinet_CA_SSLProxy
set certificate "-----BEGIN CERTIFICATE-----
next
end
I'm happy to provide further details, but I think the issue is clear enough. The problem is that the parser seems to be line based, and so would need to build up a line memory if it ever doesn't encounter a closing quote (which will add complexity). At the moment it appears that quotes are removed completely, which may cause separate problems with named sections that contain spaces. So there's a fair bit of complexity surrounding handling this correctly. I'm happy to test any potential fixes for this if it would help though?
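The quote-aware parsing described in the report above, as an added example that is not pyFG's code and not part of the original issue: a character-level tokenizer keeps newlines inside an open double quote, and the renderer re-quotes any argument that contains whitespace. The names `parse_statements` and `render`, the sample config, and the backslash-escape handling inside quotes are assumptions made for this sketch.

```python
SAMPLE = '''config vpn certificate local
    edit "Example Cert"
        set certificate "-----BEGIN CERTIFICATE-----
CONSTRUCTEDPLACEHOLDERLINE
-----END CERTIFICATE-----"
    next
end
'''  # constructed sample; the certificate body is placeholder text

def parse_statements(text):
    """Return one token list per statement; a quoted token may span lines."""
    statements, tokens, cur = [], [], []
    in_quote = escaped = started = False
    for ch in text + "\n":
        if escaped:                      # character after a backslash is literal
            cur.append(ch)
            escaped = False
        elif ch == "\\" and in_quote:    # assumption: backslash escapes in quotes
            escaped = True
        elif ch == '"':
            in_quote, started = not in_quote, True
        elif ch.isspace() and not in_quote:
            if started:                  # whitespace outside quotes ends a token
                tokens.append("".join(cur))
                cur, started = [], False
            if ch == "\n" and tokens:    # newline outside quotes ends a statement
                statements.append(tokens)
                tokens = []
        else:
            cur.append(ch)               # includes newlines inside an open quote
            started = True
    if in_quote:
        raise ValueError("unterminated quoted value")
    return statements

def render(statements):
    """Emit statements as text, re-quoting any argument that needs it."""
    lines = []
    for tokens in statements:
        words = [tokens[0]]
        for tok in tokens[1:]:
            if tok == "" or any(c.isspace() or c in '"\\' for c in tok):
                tok = '"' + tok.replace("\\", "\\\\").replace('"', '\\"') + '"'
            words.append(tok)
        lines.append(" ".join(words))
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(render(parse_statements(SAMPLE)), end="")
```

Indentation is not preserved by this renderer; the round trip is checked at the token level, which is what decides whether the certificate value and a section name containing a space survive.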