authorChristian Poessinger <christian@poessinger.com>2019-09-15 20:13:07 +0200
committerChristian Poessinger <christian@poessinger.com>2019-09-15 20:13:07 +0200
commitc4d0b9ed4736911d341efdebf34997e6cee8c5a8 (patch)
tree69a17499eb72a52b33cf5b92551316b879984694 /src/conf_mode/interface-openvpn.py
parenta9a68a6f1086fd4c978deaf5ddace69c18443756 (diff)
parent6e169b011569bddd0c07d476528a3ecad56e6499 (diff)
Merge branch 'current' of github.com:vyos/vyos-1x into equuleus
* 'current' of github.com:vyos/vyos-1x: bonding: T1614: do not overwrite interface description with interface name [openvpn] T1661 Adding additional check for tls_dh if it not need for ovpn client [openvpn] T1662 Defined default remote port if it not set in cli [openvpn] T1661 Fixing returned value on check function bonding: T1614: use proper (previously missing) miimon property Python/ifconfig: T1557: bonding: add miimon property Python/ifconfig: T1557: bonding: fix class name in comments bonding: T1660: bugfix for triggered OS permission denied exception Revert "[bonding] T1660 Adding additional check. Some bonding mode don't support arp_interval" [bonding] T1660 Adding additional check. Some bonding mode don't support arp_interval [l2tp] T834 Implementation advanced ppp-options/lcp. openvpn: T1548: fix missing sys import [l2tp] T834 fix cli reset commands for l2tp and pptp. Adding l2tp%d tunnel naming.
Diffstat (limited to 'src/conf_mode/interface-openvpn.py')
-rwxr-xr-xsrc/conf_mode/interface-openvpn.py19
1 files changed, 11 insertions, 8 deletions
diff --git a/src/conf_mode/interface-openvpn.py b/src/conf_mode/interface-openvpn.py
index 548c78535..34c094862 100755
--- a/src/conf_mode/interface-openvpn.py
+++ b/src/conf_mode/interface-openvpn.py
@@ -326,14 +326,14 @@ def checkCertHeader(header, filename):
Returns True on success or on file not found to not trigger the exceptions
"""
if not os.path.isfile(filename):
- return True
+ return False
with open(filename, 'r') as f:
for line in f:
if re.match(header, line):
return True
- return False
+ return True
def get_config():
openvpn = deepcopy(default_config_data)
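Review bot: The final `return True` in checkCertHeader makes the header test vacuous: a file that exists but has no line matching `header` falls through the loop and is reported as valid, so verify() accepts any readable file as a static key, private key, CRL or DH parameter file. Only the missing-file branch should have flipped; the fall-through should stay `return False`. The docstring line `Returns True on success or on file not found to not trigger the exceptions` no longer matches the code either and should say something like `Returns True if a line matching header is found, False if the file is missing or no line matches`. The function's signature and the start of its docstring are outside the hunk.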
@@ -696,8 +696,9 @@ def verify(openvpn):
#
# TLS/encryption
#
- if not checkCertHeader('-----BEGIN OpenVPN Static key V1-----', openvpn['shared_secret_file']):
- raise ConfigError('Specified shared-secret-key-file "{}" is not valid'.format(openvpn['shared_secret_file']))
+ if openvpn['shared_secret_file']:
+ if not checkCertHeader('-----BEGIN OpenVPN Static key V1-----', openvpn['shared_secret_file']):
+ raise ConfigError('Specified shared-secret-key-file "{}" is not valid'.format(openvpn['shared_secret_file']))
if openvpn['tls']:
if not openvpn['tls_ca_cert']:
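Review bot: A style point on the new guard around the shared-secret check: the two nested `if` statements express a single condition and read more clearly as `if openvpn['shared_secret_file'] and not checkCertHeader('-----BEGIN OpenVPN Static key V1-----', openvpn['shared_secret_file']):`. The same nesting is added for `tls_crl` and `tls_dh` in the following hunk. Since checkCertHeader in this commit returns False for a path that does not exist, a mistyped path now surfaces as `is not valid`; a wording such as `does not exist or is not valid` would tell the operator more. verify() begins and ends outside the hunk.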
@@ -719,11 +720,13 @@ def verify(openvpn):
if not checkCertHeader('-----BEGIN (?:RSA )?PRIVATE KEY-----', openvpn['tls_key']):
raise ConfigError('Specified key-file "{}" is not valid'.format(openvpn['tls_key']))
- if not checkCertHeader('-----BEGIN X509 CRL-----', openvpn['tls_crl']):
- raise ConfigError('Specified crl-file "{} not valid'.format(openvpn['tls_crl']))
+ if openvpn['tls_crl']:
+ if not checkCertHeader('-----BEGIN X509 CRL-----', openvpn['tls_crl']):
+ raise ConfigError('Specified crl-file "{} not valid'.format(openvpn['tls_crl']))
- if not checkCertHeader('-----BEGIN DH PARAMETERS-----', openvpn['tls_dh']):
- raise ConfigError('Specified dh-file "{}" is not valid'.format(openvpn['tls_dh']))
+ if openvpn['tls_dh']:
+ if not checkCertHeader('-----BEGIN DH PARAMETERS-----', openvpn['tls_dh']):
+ raise ConfigError('Specified dh-file "{}" is not valid'.format(openvpn['tls_dh']))
if openvpn['tls_role']:
if openvpn['mode'] in ['client', 'server']:
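Review bot: The crl-file error string carried onto the new side is malformed: `'Specified crl-file "{} not valid'` lacks the closing quote and the word `is` that the key-file and dh-file messages have. Suggested: `raise ConfigError('Specified crl-file "{}" is not valid'.format(openvpn['tls_crl']))`. Separately, the `tls_dh` check is now skipped whenever the option is empty; whether verify() still insists on DH parameters where the TLS role needs them is not visible in this hunk and should be confirmed. verify() begins and ends outside the hunk.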