author | Yun Zheng Hu <yunzheng.hu@gmail.com> | 2021-07-13 00:06:23 +0200 |
---|---|---|
committer | Yun Zheng Hu <yunzheng.hu@gmail.com> | 2021-07-13 00:06:23 +0200 |
commit | c414479fdf1d5ad77170f977481fb9197c9559ae (patch) | |
tree | 5d72e25c439e6a5f0cbd709597e352e527c2580a /src/conf_mode | |
parent | 83721c1ce672b76d40c710f38b0ab05c370a2191 (diff) | |
openvpn: T56: remove strict checks for tls cert-file and key-file
This makes the tls cert-file and key-file optional and allows for more
advanced configurations via "openvpn-option", such as pkcs11 or pkcs12
options.
Diffstat (limited to 'src/conf_mode')
-rwxr-xr-x | src/conf_mode/interfaces-openvpn.py | 7 |
1 files changed, 0 insertions, 7 deletions
diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py
index 0256ad62a..20d232bd0 100755
--- a/src/conf_mode/interfaces-openvpn.py
+++ b/src/conf_mode/interfaces-openvpn.py
@@ -332,13 +332,6 @@ def verify(openvpn):
 if 'ca_cert_file' not in openvpn['tls']:
 raise ConfigError('Must specify "tls ca-cert-file"')
- if not (openvpn['mode'] == 'client' and 'auth_file' in openvpn['tls']):
- if 'cert_file' not in openvpn['tls']:
- raise ConfigError('Missing "tls cert-file"')
-
- if 'key_file' not in openvpn['tls']:
- raise ConfigError('Missing "tls key-file"')
-
 if {'auth_file', 'crypt_file'} <= set(openvpn['tls']):
 raise ConfigError('TLS auth and crypt are mutually exclusive') |
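Review bot: After the `ca_cert_file` check, verify() now accepts a TLS configuration that has neither `cert_file`/`key_file` nor any alternative credential source, so a mistake that used to fail at commit time with `Missing "tls cert-file"` will presumably only surface when OpenVPN itself starts. The commit message names pkcs11/pkcs12 via "openvpn-option" as the intended use, so a narrower relaxation would keep the two errors unless such an option is actually configured, rather than dropping them for every mode. At minimum, leave a comment where the block was, e.g. `# cert-file/key-file are optional: credentials may be supplied via "openvpn-option" (pkcs11/pkcs12)`, so the missing validation reads as deliberate. verify() starts and continues outside this hunk, so any later code that still reads `openvpn['tls']['cert_file']` or `['key_file']` unconditionally should be checked too.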