diff options
author | Christian Poessinger <christian@poessinger.com> | 2021-09-08 14:36:06 +0200 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2021-09-08 14:36:06 +0200 |
commit | 588cc03a61414e8f9f35285b9b961c2004e24751 (patch) | |
tree | 54ece4f0df03f1b10abdadef1b2661082fc576d4 /src/conf_mode/interfaces-openvpn.py | |
parent | 2647edc30f1e02840cae62fde8b44345d35ac720 (diff) | |
download | vyos-1x-588cc03a61414e8f9f35285b9b961c2004e24751.tar.gz vyos-1x-588cc03a61414e8f9f35285b9b961c2004e24751.zip |
openvpn: T3805: fix bool logic in verify_pki() for client mode
Add support for OpenVPN client mode with only the CA certificate of the server
installed.
Diffstat (limited to 'src/conf_mode/interfaces-openvpn.py')
-rwxr-xr-x | src/conf_mode/interfaces-openvpn.py | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py index bbf17ed5a..02b7f83bf 100755 --- a/src/conf_mode/interfaces-openvpn.py +++ b/src/conf_mode/interfaces-openvpn.py @@ -126,7 +126,7 @@ def verify_pki(openvpn): if tls['ca_certificate'] not in pki['ca']: raise ConfigError(f'Invalid CA certificate on openvpn interface {interface}') - if not (mode == 'client' and 'auth_key' in tls): + if mode != 'client' and 'auth_key' not in tls: if 'certificate' not in tls: raise ConfigError(f'Missing "tls certificate" on openvpn interface {interface}') |