authorChristian Poessinger <christian@poessinger.com>2019-09-15 01:36:06 +0200
committerGitHub <noreply@github.com>2019-09-15 01:36:06 +0200
commit277c1c7741416314f958c5edc085193ba48aace1 (patch)
treead1a49332073f939b920a66e09aad7653ce314e9
parent00d4b8ed90d23181352871a4593d866d9aba0f06 (diff)
parentcf9ff0e3ee803dd868f5d3d29d8184a13cf745f9 (diff)
Merge pull request #129 from DmitriyEshenko/openvpn-fix
[openvpn] T1661 Fixing returned value on check function
-rwxr-xr-xsrc/conf_mode/interface-openvpn.py19
-rwxr-xr-xsrc/op_mode/show_openvpn.py4
2 files changed, 15 insertions, 8 deletions
diff --git a/src/conf_mode/interface-openvpn.py b/src/conf_mode/interface-openvpn.py
index 548c78535..34c094862 100755
--- a/src/conf_mode/interface-openvpn.py
+++ b/src/conf_mode/interface-openvpn.py
@@ -326,14 +326,14 @@ def checkCertHeader(header, filename):
Returns True on success or on file not found to not trigger the exceptions
"""
if not os.path.isfile(filename):
- return True
+ return False
with open(filename, 'r') as f:
for line in f:
if re.match(header, line):
return True
- return False
+ return True
def get_config():
openvpn = deepcopy(default_config_data)
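Review bot: The final `return True` after the loop in checkCertHeader makes the header check ineffective. As far as the visible lines show (indentation is lost in this rendering), an existing file now yields True whether or not any line matches `header`, so verify() would accept a key, CRL or DH file with the wrong content. The fall-through should stay `return False`, leaving the file-not-found branch as the only change. The docstring line `Returns True on success or on file not found ...` is also stale now that a missing file returns False; `Returns True if a line matches header, False if none does or the file is missing` would match the code. The function's signature and the start of its docstring are outside the hunk.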
@@ -696,8 +696,9 @@ def verify(openvpn):
#
# TLS/encryption
#
- if not checkCertHeader('-----BEGIN OpenVPN Static key V1-----', openvpn['shared_secret_file']):
- raise ConfigError('Specified shared-secret-key-file "{}" is not valid'.format(openvpn['shared_secret_file']))
+ if openvpn['shared_secret_file']:
+ if not checkCertHeader('-----BEGIN OpenVPN Static key V1-----', openvpn['shared_secret_file']):
+ raise ConfigError('Specified shared-secret-key-file "{}" is not valid'.format(openvpn['shared_secret_file']))
if openvpn['tls']:
if not openvpn['tls_ca_cert']:
@@ -719,11 +720,13 @@ def verify(openvpn):
if not checkCertHeader('-----BEGIN (?:RSA )?PRIVATE KEY-----', openvpn['tls_key']):
raise ConfigError('Specified key-file "{}" is not valid'.format(openvpn['tls_key']))
- if not checkCertHeader('-----BEGIN X509 CRL-----', openvpn['tls_crl']):
- raise ConfigError('Specified crl-file "{} not valid'.format(openvpn['tls_crl']))
+ if openvpn['tls_crl']:
+ if not checkCertHeader('-----BEGIN X509 CRL-----', openvpn['tls_crl']):
+ raise ConfigError('Specified crl-file "{} not valid'.format(openvpn['tls_crl']))
- if not checkCertHeader('-----BEGIN DH PARAMETERS-----', openvpn['tls_dh']):
- raise ConfigError('Specified dh-file "{}" is not valid'.format(openvpn['tls_dh']))
+ if openvpn['tls_dh']:
+ if not checkCertHeader('-----BEGIN DH PARAMETERS-----', openvpn['tls_dh']):
+ raise ConfigError('Specified dh-file "{}" is not valid'.format(openvpn['tls_dh']))
if openvpn['tls_role']:
if openvpn['mode'] in ['client', 'server']:
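Review bot: The crl-file error message on the re-indented line is still malformed: `'Specified crl-file "{} not valid'` lacks the closing quote and the "is" that the neighbouring messages have. Since the line is touched anyway, `raise ConfigError('Specified crl-file "{}" is not valid'.format(openvpn['tls_crl']))` would make it consistent with the key-file and dh-file messages. The two-level `if` could also be one condition, `if openvpn['tls_crl'] and not checkCertHeader(...)`, here and for `tls_dh` and for `shared_secret_file` in the previous hunk. verify() starts and continues outside the hunk.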
diff --git a/src/op_mode/show_openvpn.py b/src/op_mode/show_openvpn.py
index eafb645de..577ed7eb7 100755
--- a/src/op_mode/show_openvpn.py
+++ b/src/op_mode/show_openvpn.py
@@ -162,6 +162,10 @@ if __name__ == '__main__':
remote_host = config.return_effective_values('interfaces openvpn {} remote-host'.format(intf))
remote_port = config.return_effective_value('interfaces openvpn {} remote-port'.format(intf))
+
+ if not remote_port:
+ remote_port = '1194'
+
if len(remote_host) >= 1:
client['remote'] = str(remote_host[0]) + ':' + remote_port
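Review bot: The fallback `'1194'` is an unexplained literal and is applied even when no remote-host is set. A short comment such as `# remote-port not configured: show OpenVPN's default port` would document it. The check could also move inside the `if len(remote_host) >= 1:` branch, which is the only visible place `remote_port` is used. If the conf_mode script defines the same default, sharing one constant would keep the two from drifting, though that is not visible here. The enclosing `__main__` block starts outside the hunk.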