From c414479fdf1d5ad77170f977481fb9197c9559ae Mon Sep 17 00:00:00 2001
From: Yun Zheng Hu <yunzheng.hu@gmail.com>
Date: Tue, 13 Jul 2021 00:06:23 +0200
Subject: openvpn: T56: remove strict checks for tls cert-file and key-file

This makes the tls cert-file and key-file optional and allows for more
advanced configurations via "openvpn-option", such as pkcs11 or pkcs12
options.
---
 src/conf_mode/interfaces-openvpn.py | 7 -------
 1 file changed, 7 deletions(-)

(limited to 'src/conf_mode')

diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py
index 0256ad62a..20d232bd0 100755
--- a/src/conf_mode/interfaces-openvpn.py
+++ b/src/conf_mode/interfaces-openvpn.py
@@ -332,13 +332,6 @@ def verify(openvpn):
         if 'ca_cert_file' not in openvpn['tls']:
             raise ConfigError('Must specify "tls ca-cert-file"')
 
-        if not (openvpn['mode'] == 'client' and 'auth_file' in openvpn['tls']):
-            if 'cert_file' not in openvpn['tls']:
-                raise ConfigError('Missing "tls cert-file"')
-
-            if 'key_file' not in openvpn['tls']:
-                raise ConfigError('Missing "tls key-file"')
-
         if {'auth_file', 'crypt_file'} <= set(openvpn['tls']):
             raise ConfigError('TLS auth and crypt are mutually exclusive')
 
-- 
cgit v1.2.3