Browse code
Warn that DH config option is only meaningful in a tls-server context
If specified in a tls-client context, don't try to open the file as it's
not used. Worse even, if 'none' was specified to disable explicitly, it
complained that the file 'none' could not be found.
[DS: On-the-fly update - Prefixed the message with 'WARNING: ']
Signed-off-by: Gert van Dijk <gert@gertvandijk.net>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: David Sommerseth <davids@openvpn.net>
Message-Id: <20170827161515.2424-1-gert@gertvandijk.net>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15332.html
Signed-off-by: David Sommerseth <davids@openvpn.net>
Gert van Dijk authored on 2017/08/28 01:15:15Showing 1 changed files
| ... | ... |
@@ -3011,6 +3011,13 @@ options_postprocess_mutate(struct options *o) |
| 3011 | 3011 |
o->dh_file = NULL; |
| 3012 | 3012 |
} |
| 3013 | 3013 |
} |
| 3014 |
+ else if (o->dh_file) |
|
| 3015 |
+ {
|
|
| 3016 |
+ /* DH file is only meaningful in a tls-server context. */ |
|
| 3017 |
+ msg(M_WARN, "WARNING: Ignoring option 'dh' in tls-client mode, please only " |
|
| 3018 |
+ "include this in your server configuration"); |
|
| 3019 |
+ o->dh_file = NULL; |
|
| 3020 |
+ } |
|
| 3014 | 3021 |
|
| 3015 | 3022 |
/* cipher negotiation (NCP) currently assumes --pull or --mode server */ |
| 3016 | 3023 |
if (o->ncp_enabled |