From cf9ff0e3ee803dd868f5d3d29d8184a13cf745f9 Mon Sep 17 00:00:00 2001
From: DmitriyEshenko <snooppy@mail.ua>
Date: Sat, 14 Sep 2019 21:32:36 +0000
Subject: [openvpn] T1661 Adding additional check for tls_dh if it not need for
 ovpn client

---
 src/conf_mode/interface-openvpn.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'src/conf_mode/interface-openvpn.py')

diff --git a/src/conf_mode/interface-openvpn.py b/src/conf_mode/interface-openvpn.py
index fa0af0111..34c094862 100755
--- a/src/conf_mode/interface-openvpn.py
+++ b/src/conf_mode/interface-openvpn.py
@@ -724,8 +724,9 @@ def verify(openvpn):
             if not checkCertHeader('-----BEGIN X509 CRL-----', openvpn['tls_crl']):
                 raise ConfigError('Specified crl-file "{} not valid'.format(openvpn['tls_crl']))
 
-        if not checkCertHeader('-----BEGIN DH PARAMETERS-----', openvpn['tls_dh']):
-            raise ConfigError('Specified dh-file "{}" is not valid'.format(openvpn['tls_dh']))
+        if openvpn['tls_dh']:
+            if not checkCertHeader('-----BEGIN DH PARAMETERS-----', openvpn['tls_dh']):
+                raise ConfigError('Specified dh-file "{}" is not valid'.format(openvpn['tls_dh']))
 
         if openvpn['tls_role']:
             if openvpn['mode'] in ['client', 'server']:
-- 
cgit v1.2.3