The new condition is equivalent to the old one, but easier to grasp.
Also add message to inform uset that cipher negotiation, in this case,
it indeed disabled.
Signed-off-by: Arne Schwabe <a...@rfc2549.org>
Signed-off-by: Antonio Quartulli <a...@unstable.cc>
---
src/openvpn/options.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 00ba6044..0d6b85cf 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -3076,8 +3076,12 @@ options_postprocess_verify(const struct options *o)
static void
options_postprocess_cipher(struct options *o)
{
- if (!o->pull && !(o->mode == MODE_SERVER))
+ if (!o->tls_server && !o->tls_client)
{
+ /* we are in the classic P2P mode */
+ msg(M_WARN, "Cipher negotiation is disabled since TLS "
+ "mode is not enabled");
+
/* If the cipher is not set, use the old default of BF-CBC. We will
* warn that this is deprecated on cipher initialisation, no need
* to warn here as well */
--
2.32.0
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
