authorChristian Poessinger <christian@poessinger.com>2021-09-08 14:36:06 +0200
committerKim Hagen <kim@sentrium.io>2021-10-07 09:50:17 -0500
commitc567b43807faa09e3bee748d06d31619f5e97aa9 (patch)
tree7360be29ed1eeeedfe74e906ce902481405a0cae /src/conf_mode
parent699d4533c543f2578c68f1d3ca9f2a2b8d5c4692 (diff)
openvpn: T3805: fix bool logic in verify_pki() for client mode
Add support for OpenVPN client mode with only the CA certificate of the server installed.
Diffstat (limited to 'src/conf_mode')
-rwxr-xr-xsrc/conf_mode/interfaces-openvpn.py2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py
index d57ccb354..ed4a6f77d 100755
--- a/src/conf_mode/interfaces-openvpn.py
+++ b/src/conf_mode/interfaces-openvpn.py
@@ -146,7 +146,7 @@ def verify_pki(openvpn):
if tls['ca_certificate'] not in pki['ca']:
raise ConfigError(f'Invalid CA certificate on openvpn interface {interface}')
- if not (mode == 'client' and 'auth_key' in tls):
+ if mode != 'client' and 'auth_key' not in tls:
if 'certificate' not in tls:
raise ConfigError(f'Missing "tls certificate" on openvpn interface {interface}')
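Review bot: The condition on the added line relaxes more than the client-only case the description names: `mode != 'client' and 'auth_key' not in tls` is also false for any non-client interface that has `auth_key` set, so that interface now skips the `'certificate' not in tls` check shown below it. The removed form was equivalent to `mode != 'client' or 'auth_key' not in tls`, which still required the certificate in that case. If only client mode is meant to run with just the CA certificate, `if mode != 'client':` says so directly, and a comment such as `# client mode may rely on the server's CA certificate alone` would record the reason. The body of verify_pki() continues outside the hunk, so whether a later check still covers the non-client case cannot be confirmed from here.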