Properly require --key even if defined(MANAGMENT_EXTERNAL_KEY)

When specifying --tls-client --cert ... without a --key (or --pkcs11)
option, OpenVPN should complain:
"You must define private key file (--key)...".  Ensure that this
works even when compiling with MANAGMENT_EXTERNAL_KEY.

Also fix the other instance where this logic is broken

Orginal-Patch-by: Found by Joachim Schipper <joachim.schipper@fox-it.com>
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: 1353940389-31075-1-git-send-email-arne@rfc2549.org
URL: http://article.gmane.org/gmane.network.openvpn.devel/7143
Signed-off-by: David Sommerseth <davids@redhat.com>
(cherry picked from commit feca0900dd00577779ab02f2e52b41eb3dab935f)

diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 5cec3443e5253de07fa941744bac2511a720ce76..33dbf51b1b6a305c662e9f198d1bb64957521402 100644 (file)
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -2274,7 +2274,7 @@ options_postprocess_verify_ce (const struct options *options, const struct conne
            {
              notnull (options->cert_file, "certificate file (--cert) or PKCS#12 file (--pkcs12)");
 #ifdef MANAGMENT_EXTERNAL_KEY
-          if (!options->management_flags & MF_EXTERNAL_KEY)
+          if (!(options->management_flags & MF_EXTERNAL_KEY))
 #endif
              notnull (options->priv_key_file, "private key file (--key) or PKCS#12 file (--pkcs12)");
            }
@@ -2666,7 +2666,7 @@ options_postprocess_filechecks (struct options *options)
   errs |= check_file_access (CHKACC_FILE|CHKACC_INLINE, options->extra_certs_file, R_OK,
                              "--extra-certs");
 #ifdef MANAGMENT_EXTERNAL_KEY
-  if(!options->management_flags & MF_EXTERNAL_KEY)
+  if(!(options->management_flags & MF_EXTERNAL_KEY))
 #endif
      errs |= check_file_access (CHKACC_FILE|CHKACC_INLINE, options->priv_key_file, R_OK,
                              "--key");