summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAlex W <embezzle.dev@proton.me>2024-05-26 21:50:01 +0100
committerMergify <37929162+mergify[bot]@users.noreply.github.com>2024-05-27 06:39:47 +0000
commitd575ce3cc2163eaa851e1909ad74e96a7f00c208 (patch)
tree483315b73ce21fbfe70d60bb7376de75b5a8894f
parentb35188de4f872c76c0b8320b8f9ccefb63a081ae (diff)
downloadvyos-1x-d575ce3cc2163eaa851e1909ad74e96a7f00c208.tar.gz
vyos-1x-d575ce3cc2163eaa851e1909ad74e96a7f00c208.zip
reverse-proxy: T6402: Fix invalid checks in validation script
(cherry picked from commit d4d70929a81b2ee1f66a9412a3545911b3874a62)
-rwxr-xr-xsrc/conf_mode/load-balancing_reverse-proxy.py10
1 files changed, 5 insertions, 5 deletions
diff --git a/src/conf_mode/load-balancing_reverse-proxy.py b/src/conf_mode/load-balancing_reverse-proxy.py
index a4efb1cd8..b6db110ae 100755
--- a/src/conf_mode/load-balancing_reverse-proxy.py
+++ b/src/conf_mode/load-balancing_reverse-proxy.py
@@ -88,22 +88,22 @@ def verify(lb):
if {'send_proxy', 'send_proxy_v2'} <= set(bk_server_conf):
raise ConfigError(f'Cannot use both "send-proxy" and "send-proxy-v2" for server "{bk_server}"')
+ if 'ssl' in back_config:
+ if {'no_verify', 'ca_certificate'} <= set(back_config['ssl']):
+ raise ConfigError(f'backend {back} cannot have both ssl options no-verify and ca-certificate set!')
+
# Check if http-response-headers are configured in any frontend/backend where mode != http
for group in ['service', 'backend']:
for config_name, config in lb[group].items():
if 'http_response_headers' in config and ('mode' not in config or config['mode'] != 'http'):
raise ConfigError(f'{group} {config_name} must be set to http mode to use http_response_headers!')
- if 'ssl' in back_config:
- if {'no_verify', 'ca_certificate'} <= set(back_config['ssl']):
- raise ConfigError(f'backend {back} cannot have both ssl options no-verify and ca-certificate set!')
-
for front, front_config in lb['service'].items():
for cert in dict_search('ssl.certificate', front_config) or []:
verify_pki_certificate(lb, cert)
for back, back_config in lb['backend'].items():
- tmp = dict_search('ssl.ca_certificate', front_config)
+ tmp = dict_search('ssl.ca_certificate', back_config)
if tmp: verify_pki_ca_certificate(lb, tmp)