summaryrefslogtreecommitdiff
path: root/src/conf_mode
diff options
context:
space:
mode:
authorDmitriyEshenko <snooppy@mail.ua>2019-09-14 20:18:00 +0000
committerDmitriyEshenko <snooppy@mail.ua>2019-09-14 20:18:00 +0000
commit5a132333955be5d557a6f57bb783b898cababbf4 (patch)
tree0e260873dcc7c9b2780bced82c20aa0dd37b3441 /src/conf_mode
parent00d4b8ed90d23181352871a4593d866d9aba0f06 (diff)
downloadvyos-1x-5a132333955be5d557a6f57bb783b898cababbf4.tar.gz
vyos-1x-5a132333955be5d557a6f57bb783b898cababbf4.zip
[openvpn] T1661 Fixing returned value on check function
Diffstat (limited to 'src/conf_mode')
-rwxr-xr-xsrc/conf_mode/interface-openvpn.py14
1 files changed, 8 insertions, 6 deletions
diff --git a/src/conf_mode/interface-openvpn.py b/src/conf_mode/interface-openvpn.py
index 548c78535..fa0af0111 100755
--- a/src/conf_mode/interface-openvpn.py
+++ b/src/conf_mode/interface-openvpn.py
@@ -326,14 +326,14 @@ def checkCertHeader(header, filename):
Returns True on success or on file not found to not trigger the exceptions
"""
if not os.path.isfile(filename):
- return True
+ return False
with open(filename, 'r') as f:
for line in f:
if re.match(header, line):
return True
- return False
+ return True
def get_config():
openvpn = deepcopy(default_config_data)
@@ -696,8 +696,9 @@ def verify(openvpn):
#
# TLS/encryption
#
- if not checkCertHeader('-----BEGIN OpenVPN Static key V1-----', openvpn['shared_secret_file']):
- raise ConfigError('Specified shared-secret-key-file "{}" is not valid'.format(openvpn['shared_secret_file']))
+ if openvpn['shared_secret_file']:
+ if not checkCertHeader('-----BEGIN OpenVPN Static key V1-----', openvpn['shared_secret_file']):
+ raise ConfigError('Specified shared-secret-key-file "{}" is not valid'.format(openvpn['shared_secret_file']))
if openvpn['tls']:
if not openvpn['tls_ca_cert']:
@@ -719,8 +720,9 @@ def verify(openvpn):
if not checkCertHeader('-----BEGIN (?:RSA )?PRIVATE KEY-----', openvpn['tls_key']):
raise ConfigError('Specified key-file "{}" is not valid'.format(openvpn['tls_key']))
- if not checkCertHeader('-----BEGIN X509 CRL-----', openvpn['tls_crl']):
- raise ConfigError('Specified crl-file "{} not valid'.format(openvpn['tls_crl']))
+ if openvpn['tls_crl']:
+ if not checkCertHeader('-----BEGIN X509 CRL-----', openvpn['tls_crl']):
+ raise ConfigError('Specified crl-file "{} not valid'.format(openvpn['tls_crl']))
if not checkCertHeader('-----BEGIN DH PARAMETERS-----', openvpn['tls_dh']):
raise ConfigError('Specified dh-file "{}" is not valid'.format(openvpn['tls_dh']))