author | Christian Poessinger <christian@poessinger.com> | 2021-07-17 18:36:25 +0200 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2021-07-17 18:36:30 +0200 |
commit | 363d8fb22c985990a1ef199abbb43a784638902c (patch) | |
tree | 9294d0cb5f39b7b5886b3f9ea90c5264cc278991 | |
parent | eb8cd3af91bac01a3f7f99b362c8105d69bb3c55 (diff) | |
download | vyos-1x-363d8fb22c985990a1ef199abbb43a784638902c.tar.gz vyos-1x-363d8fb22c985990a1ef199abbb43a784638902c.zip |
Revert "openvpn: T56: remove strict checks for tls cert-file and key-file"
This reverts commit c414479fdf1d5ad77170f977481fb9197c9559ae.
This commit broke the smoketests and also OpenVPN complains:
Options error: You must define certificate file (--cert) or PKCS#12 file (--pkcs12)
-rwxr-xr-x | src/conf_mode/interfaces-openvpn.py | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py
index 20d232bd0..0256ad62a 100755
--- a/src/conf_mode/interfaces-openvpn.py
+++ b/src/conf_mode/interfaces-openvpn.py
@@ -332,6 +332,13 @@ def verify(openvpn):
 if 'ca_cert_file' not in openvpn['tls']:
 raise ConfigError('Must specify "tls ca-cert-file"')
+ if not (openvpn['mode'] == 'client' and 'auth_file' in openvpn['tls']):
+ if 'cert_file' not in openvpn['tls']:
+ raise ConfigError('Missing "tls cert-file"')
+
+ if 'key_file' not in openvpn['tls']:
+ raise ConfigError('Missing "tls key-file"')
+
 if {'auth_file', 'crypt_file'} <= set(openvpn['tls']):
 raise ConfigError('TLS auth and crypt are mutually exclusive') |
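Review bot: The exemption in the restored `if not (openvpn['mode'] == 'client' and 'auth_file' in openvpn['tls']):` line appears to key on the wrong setting. The mutual-exclusion check just below treats `auth_file` as the TLS-auth key, which is not a substitute for a client certificate. If that reading is right, a client that sets `tls auth-file` but no `cert-file`/`key-file` passes verify() and only fails when OpenVPN starts, with the same "You must define certificate file (--cert)" error quoted in the commit message. If the intent is to let username/password clients omit the certificate pair, the condition should test the node that holds those credentials (not visible in this hunk). A one-line comment such as `# cert/key are optional only for clients that authenticate without a certificate` would record why the exemption exists. verify() starts and ends outside the hunk, so an earlier check may already cover this.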