[Openvpn-devel] [PATCH] Disable DCO when TLS mode is not used

Arne Schwabe Sat, 10 Dec 2022 05:45:37 -0800

This disables DCO in both --secret mode and when no encryption/TLS is
used. Also aligns the message with the deprecation warning we have in
place.


Signed-off-by: Arne Schwabe <a...@rfc2549.org>
---
 src/openvpn/dco.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c
index 6358d53f9..5cce3f641 100644
--- a/src/openvpn/dco.c
+++ b/src/openvpn/dco.c
@@ -275,9 +275,10 @@ dco_check_startup_option(int msglevel, const struct 
options *o)
         return false;
     }
 
-    if (o->shared_secret_file)
+    if (!o->tls_client && !o->tls_server)
     {
-        msg(msglevel, "--secret is set. Disabling data channel offload");
+        msg(msglevel, "No tls-client or tls-server option in configuration "
+            "detected. Disabling data channel offload.");
         return false;
     }
 
-- 
2.37.1 (Apple Git-137.1)



_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH] Disable DCO when TLS mode is not used

Reply via email to