Ignore --explicit-exit-notify in TCP mode.

Mixed udp+tcp configs can not have --explicit-exit-notify in them
today because this option is refused in TCP mode.  At the same time,
it was always possible to push the option both in UDP and TCP mode
(with a warning logged in TCP mode, and the option reset to 0).

Do the same thing for local config - warn, and reset to 0.

(Leaving it enabled in TCP mode is harmless, but causes extra error
messages in the log which is undesired behaviour.  Maybe one should
just fix the underlying logic for TCP mode instead, but this is more
invasive)

Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Antonio Quartulli <antonio@openvpn.net>
Message-Id: <20210802133127.25000-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg22690.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>

diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 63cda1e86c8f6ebba7892db6002d30ba633af34a..7e146db904699c83e3b4dce98bfcc4920757c11a 100644 (file)
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -2266,12 +2266,6 @@ options_postprocess_verify_ce(const struct options *options,
     }
 #endif
 
-    if (!proto_is_udp(ce->proto) && ce->explicit_exit_notification)
-    {
-        msg(M_USAGE,
-            "--explicit-exit-notify can only be used with --proto udp");
-    }
-
     if (!ce->remote && ce->proto == PROTO_TCP_CLIENT)
     {
         msg(M_USAGE, "--remote MUST be used in TCP Client mode");
@@ -2978,6 +2972,13 @@ options_postprocess_mutate_ce(struct options *o, struct connection_entry *ce)
         connection_entry_preload_key(&ce->tls_crypt_v2_file,
                                      &ce->tls_crypt_v2_file_inline, &o->gc);
     }
+
+    if (!proto_is_udp(ce->proto) && ce->explicit_exit_notification)
+    {
+        msg(M_WARN, "NOTICE: --explicit-exit-notify ignored for --proto tcp");
+        ce->explicit_exit_notification = 0;
+    }
+
 }
 
 #ifdef _WIN32