diff --git a/opennsa/config.py b/opennsa/config.py
index eeeaa89af46fc6e8306b2eb4d82db812fe188539..90ba7e5a9a8e11853b366b057d4855305e81adfc 100644
--- a/opennsa/config.py
+++ b/opennsa/config.py
@@ -315,6 +315,16 @@ class Config(object):
except configparser.NoOptionError:
vc[BASE_URL] = None
+ try:
+ vc[KEY] = cfg.get(BLOCK_SERVICE, KEY)
+ except configparser.NoOptionError:
+ vc[KEY] = None
+
+ try:
+ vc[CERTIFICATE] = cfg.get(BLOCK_SERVICE, CERTIFICATE)
+ except configparser.NoOptionError:
+ vc[CERTIFICATE] = None
+
try:
policies = cfg.get(BLOCK_SERVICE, POLICY).split(',')
for policy in policies:
@@ -356,18 +366,19 @@ class Config(object):
# tls
if vc[TLS]:
try:
- hostkey = cfg.get(BLOCK_SERVICE, KEY)
- hostcert = cfg.get(BLOCK_SERVICE, CERTIFICATE)
-
- if not os.path.exists(hostkey):
+ if not vc[KEY]:
raise ConfigurationError(
- 'Specified hostkey does not exist (%s)' % hostkey)
- if not os.path.exists(hostcert):
+ 'must specify a key when TLS is enabled')
+ elif not os.path.exists(vc[KEY]):
raise ConfigurationError(
- 'Specified hostcert does not exist (%s)' % hostcert)
+ 'Specified key does not exist (%s)' % vc[KEY])
- vc[KEY] = hostkey
- vc[CERTIFICATE] = hostcert
+ if not vc[CERTIFICATE]:
+ raise ConfigurationError(
+ 'must specify a certificate when TLS is enabled')
+ elif not os.path.exists(vc[CERTIFICATE]):
+ raise ConfigurationError(
+ 'Specified certificate does not exist (%s)' % vc[CERTIFICATE])
try:
allowed_hosts_cfg = cfg.get(BLOCK_SERVICE, ALLOWED_HOSTS)