authorChristian Poessinger <christian@poessinger.com>2020-03-22 11:46:39 +0100
committerChristian Poessinger <christian@poessinger.com>2020-03-22 11:46:39 +0100
commitfdafecc0c569f7d5f818a5a2c56bf7ea1983d2f4 (patch)
treefd477f477561a269898b2eee681d08c1aed24b4d /src/conf_mode
parent100b910e48e79a80a0850164a8f92949985bbdea (diff)
sstp: T2150: use full file path on SSL certificates
Diffstat (limited to 'src/conf_mode')
-rwxr-xr-xsrc/conf_mode/vpn_sstp.py30
1 files changed, 11 insertions, 19 deletions
diff --git a/src/conf_mode/vpn_sstp.py b/src/conf_mode/vpn_sstp.py
index 205702a9f..8583ece74 100755
--- a/src/conf_mode/vpn_sstp.py
+++ b/src/conf_mode/vpn_sstp.py
@@ -32,15 +32,11 @@ pidfile = r'/var/run/accel_sstp.pid'
sstp_cnf_dir = r'/etc/accel-ppp/sstp'
chap_secrets = sstp_cnf_dir + '/chap-secrets'
sstp_conf = sstp_cnf_dir + '/sstp.config'
-ssl_cert_dir = r'/config/user-data/sstp'
# config path creation
if not os.path.exists(sstp_cnf_dir):
os.makedirs(sstp_cnf_dir)
-if not os.path.exists(ssl_cert_dir):
- os.makedirs(ssl_cert_dir)
-
sstp_config = """### generated by vpn_sstp.py ###
[modules]
log_syslog
@@ -74,9 +70,9 @@ disable
[sstp]
verbose=1
accept=ssl
-ssl-ca-file=/config/user-data/sstp/{{ ssl_ca }}
-ssl-pemfile=/config/user-data/sstp/{{ ssl_cert }}
-ssl-keyfile=/config/user-data/sstp/{{ ssl_key }}
+ssl-ca-file={{ ssl_ca }}
+ssl-pemfile={{ ssl_cert }}
+ssl-keyfile={{ ssl_key }}
{% if client_ip_pool %}
[ip-pool]
@@ -452,22 +448,18 @@ def verify(sstp):
if not sstp['ssl_ca'] or not sstp['ssl_cert'] or not sstp['ssl_key']:
raise ConfigError('One or more SSL certificates missing')
- ssl_path = ssl_cert_dir + '/'
- if not os.path.exists(ssl_path + sstp['ssl_ca']):
- ca = ssl_path + sstp['ssl_ca']
- raise ConfigError(f'CA cert file {ca} does not exist')
+ if not os.path.exists(sstp['ssl_ca']):
+ raise ConfigError(f"CA cert file {sstp['ssl_ca']} does not exist")
- if not os.path.exists(ssl_path + sstp['ssl_cert']):
- cert = ssl_path + sstp['ssl_cert']
- raise ConfigError(f'SSL cert file {cert} does not exist')
+ if not os.path.exists(sstp['ssl_cert']):
+ raise ConfigError(f"SSL cert file {sstp['ssl_cert']} does not exist")
- if not os.path.exists(ssl_path + sstp['ssl_key']):
- key = ssl_path + sstp['ssl_key']
- raise ConfigError(f'SSL key file {key} does not exist')
+ if not os.path.exists(sstp['ssl_key']):
+ raise ConfigError(f"SSL key file {sstp['ssl_key']} does not exist")
if sstp['auth_mode'] == 'radius':
if len(sstp['radius_server']) == 0:
- raise ConfigError('RADIUS authentication requires at least one server')
+ raise ConfigError("RADIUS authentication requires at least one server")
for radius in sstp['radius_server']:
if not radius['key']:
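Review bot: The three new checks at `if not os.path.exists(sstp['ssl_ca']):`, `if not os.path.exists(sstp['ssl_cert']):` and `if not os.path.exists(sstp['ssl_key']):` accept any string the user supplies, including a relative path or a directory, while the template in the previous hunk writes that same value verbatim into sstp.config where accel-ppp presumably resolves it from its own working directory rather than from this script's. Requiring an absolute path to a regular file keeps the verify-time check and the daemon's view consistent: `if not os.path.isabs(sstp['ssl_ca']) or not os.path.isfile(sstp['ssl_ca']):` with an error message naming that requirement, and the same for ssl_cert and ssl_key. Because the first hunk also drops the `/config/user-data/sstp` prefix and its directory creation, an existing configuration that stored a bare filename will now fail here with "does not exist", so the error text could point at the full-path requirement to ease migration. verify() starts and ends outside this hunk.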
@@ -489,7 +481,7 @@ def generate(sstp):
with open(chap_secrets, 'w') as f:
f.write(config_text)
- os.chmod(chap_secrets, S_IRUSR | S_IWUSR | S_IRGRP )
+ os.chmod(chap_secrets, S_IRUSR | S_IWUSR | S_IRGRP)
else:
if os.path.exists(chap_secrets):
os.unlink(chap_secrets)