authorChristian Poessinger <christian@poessinger.com>2021-07-17 18:36:25 +0200
committerChristian Poessinger <christian@poessinger.com>2021-07-17 18:36:30 +0200
commit363d8fb22c985990a1ef199abbb43a784638902c (patch)
tree9294d0cb5f39b7b5886b3f9ea90c5264cc278991
parenteb8cd3af91bac01a3f7f99b362c8105d69bb3c55 (diff)
downloadvyos-1x-363d8fb22c985990a1ef199abbb43a784638902c.tar.gz
vyos-1x-363d8fb22c985990a1ef199abbb43a784638902c.zip
Revert "openvpn: T56: remove strict checks for tls cert-file and key-file"
This reverts commit c414479fdf1d5ad77170f977481fb9197c9559ae. This commit broke the smoketests and also OpenVPN complains: Options error: You must define certificate file (--cert) or PKCS#12 file (--pkcs12)
-rwxr-xr-xsrc/conf_mode/interfaces-openvpn.py7
1 files changed, 7 insertions, 0 deletions
diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py
index 20d232bd0..0256ad62a 100755
--- a/src/conf_mode/interfaces-openvpn.py
+++ b/src/conf_mode/interfaces-openvpn.py
@@ -332,6 +332,13 @@ def verify(openvpn):
if 'ca_cert_file' not in openvpn['tls']:
raise ConfigError('Must specify "tls ca-cert-file"')
+ if not (openvpn['mode'] == 'client' and 'auth_file' in openvpn['tls']):
+ if 'cert_file' not in openvpn['tls']:
+ raise ConfigError('Missing "tls cert-file"')
+
+ if 'key_file' not in openvpn['tls']:
+ raise ConfigError('Missing "tls key-file"')
+
if {'auth_file', 'crypt_file'} <= set(openvpn['tls']):
raise ConfigError('TLS auth and crypt are mutually exclusive')
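Review bot: The exemption on the first added line keys on `'auth_file' in openvpn['tls']`, yet the unchanged check just below pairs that same key with `crypt_file` as "TLS auth and crypt", which suggests it is the shared tls-auth key rather than a per-client credential. If so, a client configured with only that shared key passes verify() without `cert-file`/`key-file`; as far as I know OpenVPN only lets a client omit --cert/--key when username/password authentication is configured, so such a config would either fail at start-up or rest on a group secret alone. I would tie the exemption to the interface's username/password authentication setting instead, or at minimum add a comment such as `# client may omit cert/key only when it authenticates by other means` stating why this case is exempt. verify() starts and continues outside the hunk, so the surrounding guards on `openvpn['tls']` and `openvpn['mode']` are not visible here.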