If specified in a tls-client context, don't try to open the file as it's
not used. Worse even, if 'none' was specified to disable explicitly, it
complained that the file 'none' could not be found.
[DS: On-the-fly update - Prefixed the message with 'WARNING: ']
Signed-off-by: Gert van Dijk <gert@gertvandijk.net>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: David Sommerseth <davids@openvpn.net>
Message-Id: <20170827161515.2424-1-gert@gertvandijk.net>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15332.html
Signed-off-by: David Sommerseth <davids@openvpn.net>
... | ... |
@@ -3011,6 +3011,13 @@ options_postprocess_mutate(struct options *o) |
3011 | 3011 |
o->dh_file = NULL; |
3012 | 3012 |
} |
3013 | 3013 |
} |
3014 |
+ else if (o->dh_file) |
|
3015 |
+ { |
|
3016 |
+ /* DH file is only meaningful in a tls-server context. */ |
|
3017 |
+ msg(M_WARN, "WARNING: Ignoring option 'dh' in tls-client mode, please only " |
|
3018 |
+ "include this in your server configuration"); |
|
3019 |
+ o->dh_file = NULL; |
|
3020 |
+ } |
|
3014 | 3021 |
|
3015 | 3022 |
/* cipher negotiation (NCP) currently assumes --pull or --mode server */ |
3016 | 3023 |
if (o->ncp_enabled |