diff options
author | Christian Poessinger <christian@poessinger.com> | 2019-09-15 01:36:06 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-09-15 01:36:06 +0200 |
commit | 277c1c7741416314f958c5edc085193ba48aace1 (patch) | |
tree | ad1a49332073f939b920a66e09aad7653ce314e9 /src/conf_mode/interface-openvpn.py | |
parent | 00d4b8ed90d23181352871a4593d866d9aba0f06 (diff) | |
parent | cf9ff0e3ee803dd868f5d3d29d8184a13cf745f9 (diff) | |
download | vyos-1x-277c1c7741416314f958c5edc085193ba48aace1.tar.gz vyos-1x-277c1c7741416314f958c5edc085193ba48aace1.zip |
Merge pull request #129 from DmitriyEshenko/openvpn-fix
[openvpn] T1661 Fixing returned value on check function
Diffstat (limited to 'src/conf_mode/interface-openvpn.py')
-rwxr-xr-x | src/conf_mode/interface-openvpn.py | 19 |
1 files changed, 11 insertions, 8 deletions
diff --git a/src/conf_mode/interface-openvpn.py b/src/conf_mode/interface-openvpn.py index 548c78535..34c094862 100755 --- a/src/conf_mode/interface-openvpn.py +++ b/src/conf_mode/interface-openvpn.py @@ -326,14 +326,14 @@ def checkCertHeader(header, filename): Returns True on success or on file not found to not trigger the exceptions """ if not os.path.isfile(filename): - return True + return False with open(filename, 'r') as f: for line in f: if re.match(header, line): return True - return False + return True def get_config(): openvpn = deepcopy(default_config_data) @@ -696,8 +696,9 @@ def verify(openvpn): # # TLS/encryption # - if not checkCertHeader('-----BEGIN OpenVPN Static key V1-----', openvpn['shared_secret_file']): - raise ConfigError('Specified shared-secret-key-file "{}" is not valid'.format(openvpn['shared_secret_file'])) + if openvpn['shared_secret_file']: + if not checkCertHeader('-----BEGIN OpenVPN Static key V1-----', openvpn['shared_secret_file']): + raise ConfigError('Specified shared-secret-key-file "{}" is not valid'.format(openvpn['shared_secret_file'])) if openvpn['tls']: if not openvpn['tls_ca_cert']: @@ -719,11 +720,13 @@ def verify(openvpn): if not checkCertHeader('-----BEGIN (?:RSA )?PRIVATE KEY-----', openvpn['tls_key']): raise ConfigError('Specified key-file "{}" is not valid'.format(openvpn['tls_key'])) - if not checkCertHeader('-----BEGIN X509 CRL-----', openvpn['tls_crl']): - raise ConfigError('Specified crl-file "{} not valid'.format(openvpn['tls_crl'])) + if openvpn['tls_crl']: + if not checkCertHeader('-----BEGIN X509 CRL-----', openvpn['tls_crl']): + raise ConfigError('Specified crl-file "{} not valid'.format(openvpn['tls_crl'])) - if not checkCertHeader('-----BEGIN DH PARAMETERS-----', openvpn['tls_dh']): - raise ConfigError('Specified dh-file "{}" is not valid'.format(openvpn['tls_dh'])) + if openvpn['tls_dh']: + if not checkCertHeader('-----BEGIN DH PARAMETERS-----', openvpn['tls_dh']): + raise ConfigError('Specified dh-file "{}" is not valid'.format(openvpn['tls_dh'])) if openvpn['tls_role']: if openvpn['mode'] in ['client', 'server']: |