GitList

Browse code

Disable DCO when TLS mode is not used

This disables DCO in both --secret mode and when no encryption/TLS is
used. Also aligns the message with the deprecation warning we have in
place.

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20221210134427.1433419-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg25641.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit a666668f064c7ff57cdebb3afceb72e1263a3ba9)

Arne Schwabe authored on 2022/12/10 22:44:27
Showing 1 changed files

src/openvpn/dco.c

History View file @ 9b277f4

@@ -274,9 +274,10 @@ dco_check_startup_option(int msglevel, const struct options *o)
         return false;
     }
 
-    if (o->shared_secret_file)
+    if (!o->tls_client && !o->tls_server)
     {
-        msg(msglevel, "--secret is set. Disabling data channel offload");
+        msg(msglevel, "No tls-client or tls-server option in configuration "
+            "detected. Disabling data channel offload.");
         return false;
     }
 

...	...	@@ -274,9 +274,10 @@ dco_check_startup_option(int msglevel, const struct options *o)
274	274	return false;
275	275	}
276	276
277		- if (o->shared_secret_file)
	277	+ if (!o->tls_client && !o->tls_server)
278	278	{
279		- msg(msglevel, "--secret is set. Disabling data channel offload");
	279	+ msg(msglevel, "No tls-client or tls-server option in configuration "
	280	+ "detected. Disabling data channel offload.");
280	281	return false;
281	282	}
282	283