From: Arne Schwabe <[email protected]> This is a corner case and only the FreeBSD DCO module support the none encryption but as long as it supports it, we should only enable it when the configuration actually allows to enable it.
Change-Id: I1104044701145fa37cea857e2e0e0fcac7a2bee3 Signed-off-by: Arne Schwabe <[email protected]> Acked-by: Antonio Quartulli <[email protected]> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1369 --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1369 This mail reflects revision 2 of this Change. Acked-by according to Gerrit (reflected above): Antonio Quartulli <[email protected]> diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c index 7abdad3..6a1a5c9 100644 --- a/src/openvpn/dco.c +++ b/src/openvpn/dco.c @@ -474,6 +474,18 @@ gc_free(&gc); return false; } + /* FreeBSD supports none as cipher type but requires auth none to be + * be also enabled */ + if (strcmp(token, "none") == 0 && strcmp(o->authname, "none") != 0) + { + msg(msglevel, + "Note: cipher '%s' in --data-ciphers is only supported " + "with --auth=none by ovpn-dco, disabling data channel " + "offload.", + token); + gc_free(&gc); + return false; + } } gc_free(&gc); _______________________________________________ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
