only generate cert of x509.user == true

3 files changed, 6 insertions, 1 deletions

diff --git a/lib/leap_cli/commands/ca.rb b/lib/leap_cli/commands/ca.rb
index 59eb620..830b468 100644
--- a/lib/leap_cli/commands/ca.rb
+++ b/lib/leap_cli/commands/ca.rb
@@ -51,6 +51,8 @@ module LeapCli; module Commands
       assert_files_exist! :ca_cert, :ca_key, :msg => 'Run init-ca to create them'
       assert_config! 'provider.ca.server_certificates.bit_size'
       assert_config! 'provider.ca.server_certificates.life_span'
+      assert_config! 'common.x509.use'
+
       if args.first == 'all' || args.empty?
         manager.each_node do |node|
           if cert_needs_updating?(node)
@@ -118,6 +120,8 @@ module LeapCli; module Commands
   end
 
   def generate_cert_for_node(node)
+    return if node.x509.use == false
+
     cert = CertificateAuthority::Certificate.new
 
     # set subject
diff --git a/lib/leap_cli/requirements.rb b/lib/leap_cli/requirements.rb
index ad4fb21..21a4279 100644
--- a/lib/leap_cli/requirements.rb
+++ b/lib/leap_cli/requirements.rb
@@ -6,6 +6,7 @@ module LeapCli
     "provider.ca.life_span",
     "provider.ca.server_certificates.bit_size",
     "provider.ca.server_certificates.life_span",
+    "common.x509.use",
     "provider.vagrant.network"
   ]
 end
diff --git a/lib/leap_cli/util.rb b/lib/leap_cli/util.rb
index bad1f6c..6b62be5 100644
--- a/lib/leap_cli/util.rb
+++ b/lib/leap_cli/util.rb
@@ -103,7 +103,7 @@ module LeapCli
       rescue NoMethodError
       rescue NameError
       end
-      assert! value do
+      assert! !value.nil? do
         log 0, :missing, "configuration value for #{conf_path}"
       end
     end