fix: don't raise when TNCC_CERTS is unset

When asn1crypto isn't available, only raise if TNCC_CERTS is set. That's
the semantics suggested by the error message.

Signed-off-by: Joachim Kuebart <joachim.kuebart@gmail.com>

diff --git a/trojans/tncc-emulate.py b/trojans/tncc-emulate.py
index dc29c8d68e2ad0bae593d8a880320b8305cb79fd..072fa0f7d97f1435253f52123fd7aac06f18d435 100755 (executable)
--- a/trojans/tncc-emulate.py
+++ b/trojans/tncc-emulate.py
@@ -676,8 +676,8 @@ if __name__ == "__main__":
             ssl.SSLSocket = fingerprint_checking_SSLSocket(fingerprint)
 
     certs = []
-    if asn1crypto:
-        if 'TNCC_CERTS' in os.environ:
+    if 'TNCC_CERTS' in os.environ:
+        if asn1crypto:
             now = datetime.datetime.utcnow()
             for f in os.environ['TNCC_CERTS'].split(','):
                 cert = x509cert(f.strip())
@@ -686,8 +686,8 @@ if __name__ == "__main__":
                 if now > cert.not_after:
                     logging.warning('WARNING: %s is expired', f)
                 certs.append(cert)
-    else:
-        raise Exception('TNCC_CERTS environment variable set, but asn1crypto module is not available')
+        else:
+            raise Exception('TNCC_CERTS environment variable set, but asn1crypto module is not available')
 
     # \HKEY_CURRENT_USER\Software\Juniper Networks\Device Id
     device_id = os.environ.get('TNCC_DEVICE_ID')