SSTP wrong certificates check
Open, Requires assessment | Public | BUG

Description

In the Python SSTP CLI handler we check that the certificate exists, but the handler does not check whether it is a directory or a file.
I propose to change os.path.exists() to os.path.isfile().
https://github.com/vyos/vyos-1x/blob/current/src/conf_mode/vpn_sstp.py#L326-L336

if not os.path.isfile(sstp['ssl_ca']):
    file = sstp['ssl_ca']
    raise ConfigError(f'SSL CA certificate file "{file}" does not exist')

if not os.path.isfile(sstp['ssl_cert']):
    file = sstp['ssl_cert']
    raise ConfigError(f'SSL public key file "{file}" does not exist')

if not os.path.isfile(sstp['ssl_key']):
    file = sstp['ssl_key']
    raise ConfigError(f'SSL private key file "{file}" does not exist')

Related forum topic https://forum.vyos.io/t/sstp-with-win-10-clients/5560/8
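
An added example (not code from vyos-1x) comparing the two predicates on the three certificate options named above: os.path.exists() accepts a path that is a directory, os.path.isfile() rejects it. ConfigError is a local stand-in here, verify_with, accepted and demo are hypothetical helper names, and the sample files are constructed.

```python
import os
import tempfile


class ConfigError(Exception):
    """Local stand-in for the ConfigError raised by VyOS conf_mode scripts."""


# Keys and messages follow the snippet in the task description.
CERT_KEYS = (
    ('ssl_ca', 'SSL CA certificate'),
    ('ssl_cert', 'SSL public key'),
    ('ssl_key', 'SSL private key'),
)


def verify_with(check, sstp):
    """Apply one path predicate to every certificate path in the config dict."""
    for key, label in CERT_KEYS:
        file = sstp[key]
        if not check(file):
            raise ConfigError(f'{label} file "{file}" does not exist')


def accepted(check, sstp):
    """Return True when the config passes verification with this predicate."""
    try:
        verify_with(check, sstp)
    except ConfigError:
        return False
    return True


def demo():
    """Build constructed sample paths and compare both predicates."""
    with tempfile.TemporaryDirectory() as tmp:
        paths = {}
        for key, _ in CERT_KEYS:
            paths[key] = os.path.join(tmp, key + '.pem')
            with open(paths[key], 'w') as f:
                f.write('constructed placeholder, not a real certificate\n')
        configs = (
            dict(paths),                                          # all three are files
            dict(paths, ssl_ca=tmp),                              # CA option is a directory
            dict(paths, ssl_key=os.path.join(tmp, 'absent.pem')), # key path is missing
        )
        return {
            'exists': [accepted(os.path.exists, c) for c in configs],
            'isfile': [accepted(os.path.isfile, c) for c in configs],
        }
```

With exists() the directory case passes verification and the error only surfaces later when the service tries to load the certificate; with isfile() it is rejected at commit time.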

Details

Difficulty level
Unknown (require assessment)
Version
1.3-rolling-202006270117
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)

Event Timeline

Dmitry created this task. Mon, Jun 29, 1:06 PM
Dmitry updated the task description. Mon, Jun 29, 1:12 PM
pasik added a subscriber: pasik. Mon, Jun 29, 4:11 PM