From fa2518576638532aa3b23d4d72d77abc0c3f21d3 Mon Sep 17 00:00:00 2001
From: Daniil Baturin <daniil@baturin.org>
Date: Wed, 9 Aug 2023 19:59:15 +0100
Subject: openvpn: T5271: add peer certificate fingerprint option

---
 data/templates/openvpn/server.conf.j2 | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'data/templates/openvpn')

diff --git a/data/templates/openvpn/server.conf.j2 b/data/templates/openvpn/server.conf.j2
index d144529f3..a9bd45370 100644
--- a/data/templates/openvpn/server.conf.j2
+++ b/data/templates/openvpn/server.conf.j2
@@ -200,6 +200,14 @@ tls-client
 {%     elif tls.role is vyos_defined('passive') %}
 tls-server
 {%     endif %}
+
+{%     if peer_fingerprint is vyos_defined %}
+<peer-fingerprint>
+{%         for fp in peer_fingerprint %}
+{{ fp }}
+{%         endfor %}
+</peer-fingerprint>
+{%     endif %}
 {% endif %}
 
 # Encryption options
-- 
cgit v1.2.3