diff options
author | Christian Poessinger <christian@poessinger.com> | 2021-09-08 14:36:06 +0200 |
---|---|---|
committer | Kim Hagen <kim@sentrium.io> | 2021-10-07 09:50:17 -0500 |
commit | c567b43807faa09e3bee748d06d31619f5e97aa9 (patch) | |
tree | 7360be29ed1eeeedfe74e906ce902481405a0cae /src/conf_mode | |
parent | 699d4533c543f2578c68f1d3ca9f2a2b8d5c4692 (diff) | |
download | vyos-1x-c567b43807faa09e3bee748d06d31619f5e97aa9.tar.gz vyos-1x-c567b43807faa09e3bee748d06d31619f5e97aa9.zip |
openvpn: T3805: fix bool logic in verify_pki() for client mode
Add support for OpenVPN client mode with only the CA certificate of the server
installed.
Diffstat (limited to 'src/conf_mode')
-rwxr-xr-x | src/conf_mode/interfaces-openvpn.py | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py index d57ccb354..ed4a6f77d 100755 --- a/src/conf_mode/interfaces-openvpn.py +++ b/src/conf_mode/interfaces-openvpn.py @@ -146,7 +146,7 @@ def verify_pki(openvpn): if tls['ca_certificate'] not in pki['ca']: raise ConfigError(f'Invalid CA certificate on openvpn interface {interface}') - if not (mode == 'client' and 'auth_key' in tls): + if mode != 'client' and 'auth_key' not in tls: if 'certificate' not in tls: raise ConfigError(f'Missing "tls certificate" on openvpn interface {interface}') |