dco: perform pull options check only if we pulled any option

author Antonio Quartulli <a@unstable.cc>

Fri, 5 Aug 2022 15:08:37 +0000 (17:08 +0200)

committer Gert Doering <gert@greenie.muc.de>

Sat, 6 Aug 2022 10:26:17 +0000 (12:26 +0200)
author Antonio Quartulli <a@unstable.cc>
Fri, 5 Aug 2022 15:08:37 +0000 (17:08 +0200)
committer Gert Doering <gert@greenie.muc.de>
Sat, 6 Aug 2022 10:26:17 +0000 (12:26 +0200)
diff --git a/src/openvpn/init.c b/src/openvpn/init.c

index 2e7544de399f3c872220581cba2a8b4d6f08239c..b6705921ab75372d21ef987461b3ca3dae93fb2f 100644 (file)
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -2402,22 +2402,23 @@ do_deferred_options(struct context *c, const unsigned int found)
          c->c2.tls_multi->peer_id = c->options.peer_id;
      }
  
-    /* process (potentially pushed) crypto options */
+    /* process (potentially) pushed options */
      if (c->options.pull)
      {
          if (!check_pull_client_ncp(c, found))
          {
              return false;
          }
-    }
  
-    /* Check if pushed options are compatible with DCO, if enabled */
-    if (dco_enabled(&c->options)
-        && !dco_check_pull_options(D_PUSH_ERRORS, &c->options))
-    {
-        msg(D_PUSH_ERRORS, "OPTIONS ERROR: pushed options are incompatible with "
-            "data channel offload. Use --disable-dco to connect to this server");
-        return false;
+        /* Check if pushed options are compatible with DCO, if enabled */
+        if (dco_enabled(&c->options)
+            && !dco_check_pull_options(D_PUSH_ERRORS, &c->options))
+        {
+            msg(D_PUSH_ERRORS, "OPTIONS ERROR: pushed options are incompatible "
+                "with data channel offload. Use --disable-dco to connect to "
+                "this server");
+            return false;
+        }
      }
  
      return true;
author	Antonio Quartulli <a@unstable.cc>
	Fri, 5 Aug 2022 15:08:37 +0000 (17:08 +0200)
committer	Gert Doering <gert@greenie.muc.de>
	Sat, 6 Aug 2022 10:26:17 +0000 (12:26 +0200)