summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDmitriyEshenko <snooppy@mail.ua>2019-09-14 21:32:36 +0000
committerDmitriyEshenko <snooppy@mail.ua>2019-09-14 21:32:36 +0000
commitcf9ff0e3ee803dd868f5d3d29d8184a13cf745f9 (patch)
treead1a49332073f939b920a66e09aad7653ce314e9
parent02195d0e54f09f57028966583b9068959c06a2af (diff)
downloadvyos-1x-cf9ff0e3ee803dd868f5d3d29d8184a13cf745f9.tar.gz
vyos-1x-cf9ff0e3ee803dd868f5d3d29d8184a13cf745f9.zip
[openvpn] T1661 Adding additional check for tls_dh if it not need for ovpn client
-rwxr-xr-xsrc/conf_mode/interface-openvpn.py5
1 files changed, 3 insertions, 2 deletions
diff --git a/src/conf_mode/interface-openvpn.py b/src/conf_mode/interface-openvpn.py
index fa0af0111..34c094862 100755
--- a/src/conf_mode/interface-openvpn.py
+++ b/src/conf_mode/interface-openvpn.py
@@ -724,8 +724,9 @@ def verify(openvpn):
if not checkCertHeader('-----BEGIN X509 CRL-----', openvpn['tls_crl']):
raise ConfigError('Specified crl-file "{} not valid'.format(openvpn['tls_crl']))
- if not checkCertHeader('-----BEGIN DH PARAMETERS-----', openvpn['tls_dh']):
- raise ConfigError('Specified dh-file "{}" is not valid'.format(openvpn['tls_dh']))
+ if openvpn['tls_dh']:
+ if not checkCertHeader('-----BEGIN DH PARAMETERS-----', openvpn['tls_dh']):
+ raise ConfigError('Specified dh-file "{}" is not valid'.format(openvpn['tls_dh']))
if openvpn['tls_role']:
if openvpn['mode'] in ['client', 'server']: