Disable DCO when TLS mode is not used

This disables DCO in both --secret mode and when no encryption/TLS is
used. Also aligns the message with the deprecation warning we have in
place.

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20221210134427.1433419-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg25641.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit a666668f064c7ff57cdebb3afceb72e1263a3ba9)

diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c
index 1cd698bfed4e63eae61de3f19d96e19b34ae3249..feb38cd026ac81396430c96ff58a2b2a1e7b108c 100644 (file)
--- a/src/openvpn/dco.c
+++ b/src/openvpn/dco.c
@@ -274,9 +274,10 @@ dco_check_startup_option(int msglevel, const struct options *o)
         return false;
     }
 
-    if (o->shared_secret_file)
+    if (!o->tls_client && !o->tls_server)
     {
-        msg(msglevel, "--secret is set. Disabling data channel offload");
+        msg(msglevel, "No tls-client or tls-server option in configuration "
+            "detected. Disabling data channel offload.");
         return false;
     }