Page MenuHomeVyOS Platform

SSTP wrong certificates check
Closed, ResolvedPublicBUG


In python SSTP CLI handler we check certificate existence, but handler does not check this directory or file.
I propose to change os.path.exists() to os.path.isfile()

if not os.path.isfile(sstp['ssl_ca']):
    file = sstp['ssl_ca']
    raise ConfigError(f'SSL CA certificate file "{file}" does not exist')

if not os.path.isfile(sstp['ssl_cert']):
    file = sstp['ssl_cert']
    raise ConfigError(f'SSL public key file "{file}" does not exist')

if not os.path.isfile(sstp['ssl_key']):
    file = sstp['ssl_key']
    raise ConfigError(f'SSL private key file "{file}" does not exist')

Related forum topic


Difficulty level
Unknown (require assessment)
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Improvement (missing useful functionality)

Event Timeline

Unknown Object (User) created this task.Jun 29 2020, 1:06 PM
Unknown Object (User) updated the task description. (Show Details)Jun 29 2020, 1:12 PM

@Dmitry Is it an actual task? Code was rewritten.

Unknown Object (User) added a comment.Aug 3 2021, 6:41 AM

@Viacheslav I believe it is still actual for 1.3
I saw we changed the PKI model only for 1.4. Implement PKI model for 1.3-epa1 a risky

erkin set Issue type to Improvement (missing useful functionality).Aug 29 2021, 2:00 PM
erkin removed a subscriber: Active contributors.
Unknown Object (User) changed the task status from Open to Needs testing.Sep 2 2021, 3:50 PM
Unknown Object (User) changed the task status from Needs testing to In progress.Nov 24 2021, 6:17 PM
Unknown Object (User) claimed this task.
Unknown Object (User) changed the task status from In progress to Needs testing.EditedNov 24 2021, 6:33 PM

Now certificate files existing should be checked via validator name="file-exists" which was fixed T3695

Unknown Object (User) closed this task as Resolved.Nov 29 2021, 12:29 PM