From 588cc03a61414e8f9f35285b9b961c2004e24751 Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Wed, 8 Sep 2021 14:36:06 +0200
Subject: openvpn: T3805: fix bool logic in verify_pki() for client mode

Add support for OpenVPN client mode with only the CA certificate of the server
installed.
---
 src/conf_mode/interfaces-openvpn.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py
index bbf17ed5a..02b7f83bf 100755
--- a/src/conf_mode/interfaces-openvpn.py
+++ b/src/conf_mode/interfaces-openvpn.py
@@ -126,7 +126,7 @@ def verify_pki(openvpn):
         if tls['ca_certificate'] not in pki['ca']:
             raise ConfigError(f'Invalid CA certificate on openvpn interface {interface}')
 
-        if not (mode == 'client' and 'auth_key' in tls):
+        if mode != 'client' and 'auth_key' not in tls:
             if 'certificate' not in tls:
                 raise ConfigError(f'Missing "tls certificate" on openvpn interface {interface}')
 
-- 
cgit v1.2.3