From 8e184540ce86c72c9ed176bcd4299087a9b12c9d Mon Sep 17 00:00:00 2001
From: Joachim Kuebart <joachim.kuebart@gmail.com>
Date: Mon, 8 Mar 2021 16:58:35 +0100
Subject: [PATCH] fix: don't raise when TNCC_CERTS is unset

When asn1crypto isn't available, only raise if TNCC_CERTS is set. That's
the semantics suggested by the error message.

Signed-off-by: Joachim Kuebart <joachim.kuebart@gmail.com>
---
 trojans/tncc-emulate.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/trojans/tncc-emulate.py b/trojans/tncc-emulate.py
index dc29c8d6..072fa0f7 100755
--- a/trojans/tncc-emulate.py
+++ b/trojans/tncc-emulate.py
@@ -676,8 +676,8 @@ if __name__ == "__main__":
             ssl.SSLSocket = fingerprint_checking_SSLSocket(fingerprint)
 
     certs = []
-    if asn1crypto:
-        if 'TNCC_CERTS' in os.environ:
+    if 'TNCC_CERTS' in os.environ:
+        if asn1crypto:
             now = datetime.datetime.utcnow()
             for f in os.environ['TNCC_CERTS'].split(','):
                 cert = x509cert(f.strip())
@@ -686,8 +686,8 @@ if __name__ == "__main__":
                 if now > cert.not_after:
                     logging.warning('WARNING: %s is expired', f)
                 certs.append(cert)
-    else:
-        raise Exception('TNCC_CERTS environment variable set, but asn1crypto module is not available')
+        else:
+            raise Exception('TNCC_CERTS environment variable set, but asn1crypto module is not available')
 
     # \HKEY_CURRENT_USER\Software\Juniper Networks\Device Id
     device_id = os.environ.get('TNCC_DEVICE_ID')
-- 
2.49.0