authorYun Zheng Hu <yunzheng.hu@gmail.com>2021-07-13 00:06:23 +0200
committerYun Zheng Hu <yunzheng.hu@gmail.com>2021-07-13 00:06:23 +0200
commitc414479fdf1d5ad77170f977481fb9197c9559ae (patch)
tree5d72e25c439e6a5f0cbd709597e352e527c2580a
parent83721c1ce672b76d40c710f38b0ab05c370a2191 (diff)
downloadvyos-1x-c414479fdf1d5ad77170f977481fb9197c9559ae.tar.gz
vyos-1x-c414479fdf1d5ad77170f977481fb9197c9559ae.zip
openvpn: T56: remove strict checks for tls cert-file and key-file
This makes the tls cert-file and key-file optional and allows for more advanced configurations via "openvpn-option", such as pkcs11 or pkcs12 options.
-rwxr-xr-xsrc/conf_mode/interfaces-openvpn.py7
1 files changed, 0 insertions, 7 deletions
diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py
index 0256ad62a..20d232bd0 100755
--- a/src/conf_mode/interfaces-openvpn.py
+++ b/src/conf_mode/interfaces-openvpn.py
@@ -332,13 +332,6 @@ def verify(openvpn):
if 'ca_cert_file' not in openvpn['tls']:
raise ConfigError('Must specify "tls ca-cert-file"')
- if not (openvpn['mode'] == 'client' and 'auth_file' in openvpn['tls']):
- if 'cert_file' not in openvpn['tls']:
- raise ConfigError('Missing "tls cert-file"')
-
- if 'key_file' not in openvpn['tls']:
- raise ConfigError('Missing "tls key-file"')
-
if {'auth_file', 'crypt_file'} <= set(openvpn['tls']):
raise ConfigError('TLS auth and crypt are mutually exclusive')
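Review bot: After this removal, verify() accepts a `tls` section with neither cert-file nor key-file without confirming that replacement key material is configured. A server or certificate-authenticated client with no identity would then presumably be rejected only when the openvpn daemon starts, not at commit time (inferred; the rest of verify() lies outside the hunk). If the goal is to allow pkcs11/pkcs12 through "openvpn-option", the old check could be skipped only when that option is set, rather than dropped unconditionally. A cert-file given without a key-file (or the reverse) now also passes silently; whether to reject that depends on whether external-key setups are meant to be supported. At minimum, record the decision at this spot with a comment such as `# cert_file/key_file deliberately not required: key material may come from "openvpn-option" (pkcs11/pkcs12) and is not validated here`.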