From c595fbe31a78521383074be878e6afe810b11d0a Mon Sep 17 00:00:00 2001 From: Daniel Berteaud Date: Tue, 29 Sep 2015 11:42:30 +0200 Subject: [PATCH] Make crl verification optional --- .../templates/etc/openvpn/routed/openvpn.conf/30cert | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/root/etc/e-smith/templates/etc/openvpn/routed/openvpn.conf/30cert b/root/etc/e-smith/templates/etc/openvpn/routed/openvpn.conf/30cert index f570af1..8362cbf 100644 --- a/root/etc/e-smith/templates/etc/openvpn/routed/openvpn.conf/30cert +++ b/root/etc/e-smith/templates/etc/openvpn/routed/openvpn.conf/30cert @@ -7,11 +7,14 @@ tls-server { -$OUT .= "tls-auth priv/takey.pem 0\n" if - (-e "/etc/openvpn/routed/priv/takey.pem" && - !-z "/etc/openvpn/routed/priv/takey.pem"); +if (-e "/etc/openvpn/routed/priv/takey.pem" && + !-z "/etc/openvpn/routed/priv/takey.pem"){ + $OUT .= "tls-auth priv/takey.pem 0\n"; +} +if (-e '/etc/openvpn/routed/pub/cacrl.pem' && + !-z '/etc/openvpn/routed/pub/cacrl.pem'){ + $OUT .= "crl-verify pub/cacrl.pem\n"; } -# CRL file for certificates verification -crl-verify pub/cacrl.pem +}