Warn that DH config option is only meaningful in a tls-server context
authorGert van Dijk <gert@gertvandijk.net>
Sun, 27 Aug 2017 16:15:15 +0000 (18:15 +0200)
committerDavid Sommerseth <davids@openvpn.net>
Wed, 6 Sep 2017 22:06:31 +0000 (00:06 +0200)
If specified in a tls-client context, don't try to open the file, as it is
not used. Worse, if 'none' was specified to explicitly disable it, it
complained that the file 'none' could not be found.

[DS: On-the-fly update - Prefixed the message with 'WARNING: ']

Signed-off-by: Gert van Dijk <gert@gertvandijk.net>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: David Sommerseth <davids@openvpn.net>
Message-Id: <20170827161515.2424-1-gert@gertvandijk.net>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15332.html
Signed-off-by: David Sommerseth <davids@openvpn.net>
src/openvpn/options.c

index 1bbda027934471090ff694967a8620ba284f2bf4..3a5bccfc2df74a1fda30716b9d0fc01835ef7947 100644 (file)
@@ -3011,6 +3011,13 @@ options_postprocess_mutate(struct options *o)
             o->dh_file = NULL;
         }
     }
+    else if (o->dh_file)
+    {
+        /* DH file is only meaningful in a tls-server context. */
+        msg(M_WARN, "WARNING: Ignoring option 'dh' in tls-client mode, please only "
+                    "include this in your server configuration");
+        o->dh_file = NULL;
+    }
 
     /* cipher negotiation (NCP) currently assumes --pull or --mode server */
     if (o->ncp_enabled
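Review bot: The warning text says "in tls-client mode", but the new `else if (o->dh_file)` branch runs whenever the preceding condition is false. That condition starts outside this hunk and is presumably the tls-server check, so the branch would also fire for configurations that are neither TLS server nor TLS client, where the message would be misleading. Either word it neutrally, e.g. `"WARNING: Ignoring option 'dh' because this is not a tls-server configuration, please only "`, or test `o->tls_client` explicitly before naming that mode. The comment could also say why the field is cleared, e.g. `/* DH file is only meaningful in a tls-server context; clear it so later file checks do not try to open it. */`.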