From: Arne Schwabe <arne@rfc2549.org>
Date: Sat, 10 Dec 2022 13:44:27 +0000 (+0100)
Subject: Disable DCO when TLS mode is not used
X-Git-Tag: v2.6_beta2~18
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9b277f426c7d295c8f354496e8e226fc26ff7b1c;p=thirdparty%2Fopenvpn.git

Disable DCO when TLS mode is not used

This disables DCO in both --secret mode and when no encryption/TLS is
used. Also aligns the message with the deprecation warning we have in
place.

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20221210134427.1433419-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg25641.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit a666668f064c7ff57cdebb3afceb72e1263a3ba9)
---

diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c
index 1cd698bfe..feb38cd02 100644
--- a/src/openvpn/dco.c
+++ b/src/openvpn/dco.c
@@ -274,9 +274,10 @@ dco_check_startup_option(int msglevel, const struct options *o)
         return false;
     }
 
-    if (o->shared_secret_file)
+    if (!o->tls_client && !o->tls_server)
     {
-        msg(msglevel, "--secret is set. Disabling data channel offload");
+        msg(msglevel, "No tls-client or tls-server option in configuration "
+            "detected. Disabling data channel offload.");
         return false;
     }