only generate cert of x509.user == true

diff --git a/lib/leap_cli/commands/ca.rb b/lib/leap_cli/commands/ca.rb
index 59eb62096e453faec8f51449f6ca9144477ec288..830b468dc5d88a5e5f347a12cbd362650b4e57f8 100644 (file)
--- a/lib/leap_cli/commands/ca.rb
+++ b/lib/leap_cli/commands/ca.rb
@@ -51,6 +51,8 @@ module LeapCli; module Commands
       assert_files_exist! :ca_cert, :ca_key, :msg => 'Run init-ca to create them'
       assert_config! 'provider.ca.server_certificates.bit_size'
       assert_config! 'provider.ca.server_certificates.life_span'
+      assert_config! 'common.x509.use'
+
       if args.first == 'all' || args.empty?
         manager.each_node do |node|
           if cert_needs_updating?(node)
@@ -118,6 +120,8 @@ module LeapCli; module Commands
   end
 
   def generate_cert_for_node(node)
+    return if node.x509.use == false
+
     cert = CertificateAuthority::Certificate.new
 
     # set subject

diff --git a/lib/leap_cli/requirements.rb b/lib/leap_cli/requirements.rb
index ad4fb212df36075242aba5f263301141c326c31e..21a4279cc173e34a3801bb02010f957aac41b81b 100644 (file)
--- a/lib/leap_cli/requirements.rb
+++ b/lib/leap_cli/requirements.rb
@@ -6,6 +6,7 @@ module LeapCli
     "provider.ca.life_span",
     "provider.ca.server_certificates.bit_size",
     "provider.ca.server_certificates.life_span",
+    "common.x509.use",
     "provider.vagrant.network"
   ]
 end

diff --git a/lib/leap_cli/util.rb b/lib/leap_cli/util.rb
index bad1f6c37f22e6e073849b570a89c1fcb44f33cb..6b62be5c3f612e8761e40359dc60711e4106d952 100644 (file)
--- a/lib/leap_cli/util.rb
+++ b/lib/leap_cli/util.rb
@@ -103,7 +103,7 @@ module LeapCli
       rescue NoMethodError
       rescue NameError
       end
-      assert! value do
+      assert! !value.nil? do
         log 0, :missing, "configuration value for #{conf_path}"
       end
     end