summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2021-09-02 16:17:49 +0200
committerGitHub <noreply@github.com>2021-09-02 16:17:49 +0200
commit9ce5a01ee0e6b7f98a354fd0bef6ca9807b028e9 (patch)
tree89ef66bc3f5c427acc8f634434998c5d3c220c93
parent3834f62915830af92dd006a8606b3cce75cbb483 (diff)
parent90031f21dc66e28f8883cb58af3f07c35b61d273 (diff)
downloadvyos-1x-9ce5a01ee0e6b7f98a354fd0bef6ca9807b028e9.tar.gz
vyos-1x-9ce5a01ee0e6b7f98a354fd0bef6ca9807b028e9.zip
Merge pull request #989 from DmitriyEshenko/1x-equuleus-02092021-03
sstp-server: T2661: Delete CA certificate redundancy check
-rw-r--r--data/templates/accel-ppp/sstp.config.tmpl2
-rwxr-xr-xsrc/conf_mode/vpn_sstp.py4
2 files changed, 3 insertions, 3 deletions
diff --git a/data/templates/accel-ppp/sstp.config.tmpl b/data/templates/accel-ppp/sstp.config.tmpl
index 7ca7b1c1e..d48e9ab0d 100644
--- a/data/templates/accel-ppp/sstp.config.tmpl
+++ b/data/templates/accel-ppp/sstp.config.tmpl
@@ -29,7 +29,9 @@ disable
verbose=1
ifname=sstp%d
accept=ssl
+{% if ssl.ca_cert_file is defined and ssl.ca_cert_file is not none %}
ssl-ca-file={{ ssl.ca_cert_file }}
+{% endif %}
ssl-pemfile={{ ssl.cert_file }}
ssl-keyfile={{ ssl.key_file }}
diff --git a/src/conf_mode/vpn_sstp.py b/src/conf_mode/vpn_sstp.py
index 47367f125..11925dfa4 100755
--- a/src/conf_mode/vpn_sstp.py
+++ b/src/conf_mode/vpn_sstp.py
@@ -57,9 +57,7 @@ def verify(sstp):
# SSL certificate checks
#
tmp = dict_search('ssl.ca_cert_file', sstp)
- if not tmp:
- raise ConfigError(f'SSL CA certificate file required!')
- else:
+ if tmp:
if not os.path.isfile(tmp):
raise ConfigError(f'SSL CA certificate "{tmp}" does not exist!')