From: Gert van Dijk Date: Sun, 27 Aug 2017 16:15:15 +0000 (+0200) Subject: Warn that DH config option is only meaningful in a tls-server context X-Git-Tag: v2.5_beta1~594 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=47a0a80b7718fe88451c82bdfe838e5a6e3c4248;p=thirdparty%2Fopenvpn.git Warn that DH config option is only meaningful in a tls-server context If specified in a tls-client context, don't try to open the file as it's not used. Worse even, if 'none' was specified to disable explicitly, it complained that the file 'none' could not be found. [DS: On-the-fly update - Prefixed the message with 'WARNING: '] Signed-off-by: Gert van Dijk Acked-by: Steffan Karger Acked-by: David Sommerseth Message-Id: <20170827161515.2424-1-gert@gertvandijk.net> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15332.html Signed-off-by: David Sommerseth --- diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 1bbda0279..3a5bccfc2 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -3011,6 +3011,13 @@ options_postprocess_mutate(struct options *o) o->dh_file = NULL; } } + else if (o->dh_file) + { + /* DH file is only meaningful in a tls-server context. */ + msg(M_WARN, "WARNING: Ignoring option 'dh' in tls-client mode, please only " + "include this in your server configuration"); + o->dh_file = NULL; + } /* cipher negotiation (NCP) currently assumes --pull or --mode server */ if (o->ncp_enabled
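Review bot: The warning string in the added `else if (o->dh_file)` branch hard-codes "tls-client mode", while the comment directly above it and the subject line describe the condition as anything other than a tls-server context. The guarding `if` lies outside the visible hunk, so if this branch can be reached without the tls-client role set, the message names the wrong mode; wording such as "Ignoring option 'dh' outside tls-server mode" would agree with the comment in every case. Separately, the branch tests only that `o->dh_file` is non-NULL, so a client configuration carrying `dh none` (the case the commit message calls out) now gets a WARNING for a value that explicitly disables DH. Consider skipping the message for that value, or state in the commit message that warning on it is intended.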