From 363d8fb22c985990a1ef199abbb43a784638902c Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sat, 17 Jul 2021 18:36:25 +0200 Subject: Revert "openvpn: T56: remove strict checks for tls cert-file and key-file" This reverts commit c414479fdf1d5ad77170f977481fb9197c9559ae. This commit broke the smoketests and also OpenVPN complains: Options error: You must define certificate file (--cert) or PKCS#12 file (--pkcs12) --- src/conf_mode/interfaces-openvpn.py | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py index 20d232bd0..0256ad62a 100755 --- a/src/conf_mode/interfaces-openvpn.py +++ b/src/conf_mode/interfaces-openvpn.py @@ -332,6 +332,13 @@ def verify(openvpn): if 'ca_cert_file' not in openvpn['tls']: raise ConfigError('Must specify "tls ca-cert-file"') + if not (openvpn['mode'] == 'client' and 'auth_file' in openvpn['tls']): + if 'cert_file' not in openvpn['tls']: + raise ConfigError('Missing "tls cert-file"') + + if 'key_file' not in openvpn['tls']: + raise ConfigError('Missing "tls key-file"') + if {'auth_file', 'crypt_file'} <= set(openvpn['tls']): raise ConfigError('TLS auth and crypt are mutually exclusive') -- cgit v1.2.3