diff options
author | DmitriyEshenko <snooppy@mail.ua> | 2019-09-14 20:18:00 +0000 |
---|---|---|
committer | DmitriyEshenko <snooppy@mail.ua> | 2019-09-14 20:18:00 +0000 |
commit | 5a132333955be5d557a6f57bb783b898cababbf4 (patch) | |
tree | 0e260873dcc7c9b2780bced82c20aa0dd37b3441 | |
parent | 00d4b8ed90d23181352871a4593d866d9aba0f06 (diff) | |
download | vyos-1x-5a132333955be5d557a6f57bb783b898cababbf4.tar.gz vyos-1x-5a132333955be5d557a6f57bb783b898cababbf4.zip |
[openvpn] T1661 Fixing returned value on check function
-rwxr-xr-x | src/conf_mode/interface-openvpn.py | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/src/conf_mode/interface-openvpn.py b/src/conf_mode/interface-openvpn.py index 548c78535..fa0af0111 100755 --- a/src/conf_mode/interface-openvpn.py +++ b/src/conf_mode/interface-openvpn.py @@ -326,14 +326,14 @@ def checkCertHeader(header, filename): Returns True on success or on file not found to not trigger the exceptions """ if not os.path.isfile(filename): - return True + return False with open(filename, 'r') as f: for line in f: if re.match(header, line): return True - return False + return True def get_config(): openvpn = deepcopy(default_config_data) @@ -696,8 +696,9 @@ def verify(openvpn): # # TLS/encryption # - if not checkCertHeader('-----BEGIN OpenVPN Static key V1-----', openvpn['shared_secret_file']): - raise ConfigError('Specified shared-secret-key-file "{}" is not valid'.format(openvpn['shared_secret_file'])) + if openvpn['shared_secret_file']: + if not checkCertHeader('-----BEGIN OpenVPN Static key V1-----', openvpn['shared_secret_file']): + raise ConfigError('Specified shared-secret-key-file "{}" is not valid'.format(openvpn['shared_secret_file'])) if openvpn['tls']: if not openvpn['tls_ca_cert']: @@ -719,8 +720,9 @@ def verify(openvpn): if not checkCertHeader('-----BEGIN (?:RSA )?PRIVATE KEY-----', openvpn['tls_key']): raise ConfigError('Specified key-file "{}" is not valid'.format(openvpn['tls_key'])) - if not checkCertHeader('-----BEGIN X509 CRL-----', openvpn['tls_crl']): - raise ConfigError('Specified crl-file "{} not valid'.format(openvpn['tls_crl'])) + if openvpn['tls_crl']: + if not checkCertHeader('-----BEGIN X509 CRL-----', openvpn['tls_crl']): + raise ConfigError('Specified crl-file "{} not valid'.format(openvpn['tls_crl'])) if not checkCertHeader('-----BEGIN DH PARAMETERS-----', openvpn['tls_dh']): raise ConfigError('Specified dh-file "{}" is not valid'.format(openvpn['tls_dh'])) |