The new condition is equivalent to the old one, but easier to grasp. Also add message to inform user that cipher negotiation, in this case, is indeed disabled.
Signed-off-by: Arne Schwabe <a...@rfc2549.org> Signed-off-by: Antonio Quartulli <a...@unstable.cc> --- src/openvpn/options.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 00ba6044..0d6b85cf 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -3076,8 +3076,12 @@ options_postprocess_verify(const struct options *o) static void options_postprocess_cipher(struct options *o) { - if (!o->pull && !(o->mode == MODE_SERVER)) + if (!o->tls_server && !o->tls_client) { + /* we are in the classic P2P mode */ + msg(M_WARN, "Cipher negotiation is disabled since TLS " + "mode is not enabled"); + /* If the cipher is not set, use the old default of BF-CBC. We will * warn that this is deprecated on cipher initialisation, no need * to warn here as well */ -- 2.32.0 _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
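Review bot: The equivalence claimed in the commit message is not evident from the condition change at the top of options_postprocess_cipher(). The old test `!o->pull && !(o->mode == MODE_SERVER)` and the new test `!o->tls_server && !o->tls_client` read entirely different fields. A configuration that sets tls_client without pull took this branch before and no longer does, unless an earlier check rules that combination out. Please name in the commit message or in the comment the checks that make the two conditions identical, or describe the change as a behaviour change. Second, the new `msg(M_WARN, ...)` fires on every run of a non-TLS setup, including ones where that is the intended configuration, and the fallback comment directly below already says a deprecation warning is printed at cipher initialisation. Consider whether a lower-severity message is enough here so the two do not stack.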