summaryrefslogtreecommitdiff
path: root/src/conf_mode
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2019-09-15 01:36:06 +0200
committerGitHub <noreply@github.com>2019-09-15 01:36:06 +0200
commit277c1c7741416314f958c5edc085193ba48aace1 (patch)
treead1a49332073f939b920a66e09aad7653ce314e9 /src/conf_mode
parent00d4b8ed90d23181352871a4593d866d9aba0f06 (diff)
parentcf9ff0e3ee803dd868f5d3d29d8184a13cf745f9 (diff)
downloadvyos-1x-277c1c7741416314f958c5edc085193ba48aace1.tar.gz
vyos-1x-277c1c7741416314f958c5edc085193ba48aace1.zip
Merge pull request #129 from DmitriyEshenko/openvpn-fix
[openvpn] T1661 Fixing returned value on check function
Diffstat (limited to 'src/conf_mode')
-rwxr-xr-xsrc/conf_mode/interface-openvpn.py19
1 files changed, 11 insertions, 8 deletions
diff --git a/src/conf_mode/interface-openvpn.py b/src/conf_mode/interface-openvpn.py
index 548c78535..34c094862 100755
--- a/src/conf_mode/interface-openvpn.py
+++ b/src/conf_mode/interface-openvpn.py
@@ -326,14 +326,14 @@ def checkCertHeader(header, filename):
Returns True on success or on file not found to not trigger the exceptions
"""
if not os.path.isfile(filename):
- return True
+ return False
with open(filename, 'r') as f:
for line in f:
if re.match(header, line):
return True
- return False
+ return True
def get_config():
openvpn = deepcopy(default_config_data)
@@ -696,8 +696,9 @@ def verify(openvpn):
#
# TLS/encryption
#
- if not checkCertHeader('-----BEGIN OpenVPN Static key V1-----', openvpn['shared_secret_file']):
- raise ConfigError('Specified shared-secret-key-file "{}" is not valid'.format(openvpn['shared_secret_file']))
+ if openvpn['shared_secret_file']:
+ if not checkCertHeader('-----BEGIN OpenVPN Static key V1-----', openvpn['shared_secret_file']):
+ raise ConfigError('Specified shared-secret-key-file "{}" is not valid'.format(openvpn['shared_secret_file']))
if openvpn['tls']:
if not openvpn['tls_ca_cert']:
@@ -719,11 +720,13 @@ def verify(openvpn):
if not checkCertHeader('-----BEGIN (?:RSA )?PRIVATE KEY-----', openvpn['tls_key']):
raise ConfigError('Specified key-file "{}" is not valid'.format(openvpn['tls_key']))
- if not checkCertHeader('-----BEGIN X509 CRL-----', openvpn['tls_crl']):
- raise ConfigError('Specified crl-file "{} not valid'.format(openvpn['tls_crl']))
+ if openvpn['tls_crl']:
+ if not checkCertHeader('-----BEGIN X509 CRL-----', openvpn['tls_crl']):
+ raise ConfigError('Specified crl-file "{} not valid'.format(openvpn['tls_crl']))
- if not checkCertHeader('-----BEGIN DH PARAMETERS-----', openvpn['tls_dh']):
- raise ConfigError('Specified dh-file "{}" is not valid'.format(openvpn['tls_dh']))
+ if openvpn['tls_dh']:
+ if not checkCertHeader('-----BEGIN DH PARAMETERS-----', openvpn['tls_dh']):
+ raise ConfigError('Specified dh-file "{}" is not valid'.format(openvpn['tls_dh']))
if openvpn['tls_role']:
if openvpn['mode'] in ['client', 'server']: