Make crl verification optional

2015-09-29 11:42:30 +02:00 · 2015-09-29 11:42:30 +02:00 · c595fbe31a
parent 36f5d2b782
commit c595fbe31a
1 changed files with 9 additions and 6 deletions
--- a/root/etc/e-smith/templates/etc/openvpn/routed/openvpn.conf/30cert
+++ b/root/etc/e-smith/templates/etc/openvpn/routed/openvpn.conf/30cert
@ -7,11 +7,14 @@ tls-server

 {

-$OUT .= "tls-auth priv/takey.pem 0\n" if
-    (-e "/etc/openvpn/routed/priv/takey.pem" &&
-    !-z "/etc/openvpn/routed/priv/takey.pem");
-
+if (-e "/etc/openvpn/routed/priv/takey.pem" &&
+    !-z "/etc/openvpn/routed/priv/takey.pem"){
+  $OUT .= "tls-auth priv/takey.pem 0\n";
 }

-# CRL file for certificates verification
-crl-verify pub/cacrl.pem
+if (-e '/etc/openvpn/routed/pub/cacrl.pem' &&
+   !-z '/etc/openvpn/routed/pub/cacrl.pem'){
+  $OUT .= "crl-verify pub/cacrl.pem\n";
+}
+
+}