author | Daniil Baturin <daniil@vyos.io> | 2024-04-15 16:45:04 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-04-15 16:45:04 +0200 |
commit | 534a037ffdf017182e0c7451dc0303e6a8529ffd (patch) | |
tree | c471e64c5a7d50a9de93b9c210677f3720da86eb /src/conf_mode | |
parent | 8034e76f6b8d0813ad1a447935809efcd203be47 (diff) | |
parent | 9cd746491a4d866f208855830a7b8b3ffbb6757e (diff) | |
Merge pull request #3312 from vyos/mergify/bp/sagitta/pr-3308
T5734: OpenVPN check PKI DH name exists if DH configured (backport #3308)
Diffstat (limited to 'src/conf_mode')
-rwxr-xr-x | src/conf_mode/interfaces_openvpn.py | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/conf_mode/interfaces_openvpn.py b/src/conf_mode/interfaces_openvpn.py
index 505ec55c6..0ecffd3be 100755
--- a/src/conf_mode/interfaces_openvpn.py
+++ b/src/conf_mode/interfaces_openvpn.py
@@ -198,6 +198,12 @@ def verify_pki(openvpn):
 raise ConfigError(f'Cannot use encrypted private key on openvpn interface {interface}')
 if 'dh_params' in tls:
+ if 'dh' not in pki:
+ raise ConfigError(f'pki dh is not configured')
+ proposed_dh = tls['dh_params']
+ if proposed_dh not in pki['dh'].keys():
+ raise ConfigError(f"pki dh '{proposed_dh}' is not configured")
+
 pki_dh = pki['dh'][tls['dh_params']]
 dh_params = load_dh_parameters(pki_dh['parameters'])
 dh_numbers = dh_params.parameter_numbers()
|
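Review bot: Both new `ConfigError` messages omit the interface name, unlike the `{interface}` message on the context line just above, so on a system with several OpenVPN interfaces the commit failure does not say which one references the missing DH set; consider `raise ConfigError(f"pki dh '{proposed_dh}' is not configured (openvpn interface {interface})")`. The first message is an f-string with no placeholder, `.keys()` is redundant in `if proposed_dh not in pki['dh']:`, and the following lookup could reuse the validated name as `pki_dh = pki['dh'][proposed_dh]`. The guard also stops at the name: if an entry can exist without a `parameters` node (not visible from this hunk), `pki_dh['parameters']` would still fail with a bare KeyError rather than a ConfigError. The body of verify_pki starts and ends outside the hunk.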