From 90031f21dc66e28f8883cb58af3f07c35b61d273 Mon Sep 17 00:00:00 2001
From: DmitriyEshenko <dmitriy.eshenko@vyos.io>
Date: Thu, 2 Sep 2021 11:36:38 +0000
Subject: sstp-server: T2661: Delete CA certificate redundancy check

---
 data/templates/accel-ppp/sstp.config.tmpl | 2 ++
 src/conf_mode/vpn_sstp.py                 | 4 +---
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/data/templates/accel-ppp/sstp.config.tmpl b/data/templates/accel-ppp/sstp.config.tmpl
index 7ca7b1c1e..d48e9ab0d 100644
--- a/data/templates/accel-ppp/sstp.config.tmpl
+++ b/data/templates/accel-ppp/sstp.config.tmpl
@@ -29,7 +29,9 @@ disable
 verbose=1
 ifname=sstp%d
 accept=ssl
+{% if ssl.ca_cert_file is defined and ssl.ca_cert_file is not none %}
 ssl-ca-file={{ ssl.ca_cert_file }}
+{% endif %}
 ssl-pemfile={{ ssl.cert_file }}
 ssl-keyfile={{ ssl.key_file }}
 
diff --git a/src/conf_mode/vpn_sstp.py b/src/conf_mode/vpn_sstp.py
index 47367f125..11925dfa4 100755
--- a/src/conf_mode/vpn_sstp.py
+++ b/src/conf_mode/vpn_sstp.py
@@ -57,9 +57,7 @@ def verify(sstp):
     # SSL certificate checks
     #
     tmp = dict_search('ssl.ca_cert_file', sstp)
-    if not tmp:
-        raise ConfigError(f'SSL CA certificate file required!')
-    else:
+    if tmp:
         if not os.path.isfile(tmp):
             raise ConfigError(f'SSL CA certificate "{tmp}" does not exist!')
 
-- 
cgit v1.2.3