summaryrefslogtreecommitdiff
path: root/src/conf_mode
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2021-09-08 14:36:06 +0200
committerChristian Poessinger <christian@poessinger.com>2021-09-08 14:36:06 +0200
commit588cc03a61414e8f9f35285b9b961c2004e24751 (patch)
tree54ece4f0df03f1b10abdadef1b2661082fc576d4 /src/conf_mode
parent2647edc30f1e02840cae62fde8b44345d35ac720 (diff)
downloadvyos-1x-588cc03a61414e8f9f35285b9b961c2004e24751.tar.gz
vyos-1x-588cc03a61414e8f9f35285b9b961c2004e24751.zip
openvpn: T3805: fix bool logic in verify_pki() for client mode
Add support for OpenVPN client mode with only the CA certificate of the server installed.
Diffstat (limited to 'src/conf_mode')
-rwxr-xr-xsrc/conf_mode/interfaces-openvpn.py2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py
index bbf17ed5a..02b7f83bf 100755
--- a/src/conf_mode/interfaces-openvpn.py
+++ b/src/conf_mode/interfaces-openvpn.py
@@ -126,7 +126,7 @@ def verify_pki(openvpn):
if tls['ca_certificate'] not in pki['ca']:
raise ConfigError(f'Invalid CA certificate on openvpn interface {interface}')
- if not (mode == 'client' and 'auth_key' in tls):
+ if mode != 'client' and 'auth_key' not in tls:
if 'certificate' not in tls:
raise ConfigError(f'Missing "tls certificate" on openvpn interface {interface}')