If specified in a tls-client context, don't try to open the file as it's
not used. Worse even, if 'none' was specified to disable explicitly, it
complained that the file 'none' could not be found.
---
src/openvpn/options.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 1bbda027..536d6f3f 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -3011,6 +3011,13 @@ options_postprocess_mutate(struct options *o)
o->dh_file = NULL;
}
}
+ else if (o->dh_file)
+ {
+ /* DH file is only meaningful in a tls-server context. */
+ msg(M_WARN, "ignoring option 'dh' in tls-client mode, please only "
+ "include this in your server configuration");
+ o->dh_file = NULL;
+ }
/* cipher negotiation (NCP) currently assumes --pull or --mode server */
if (o->ncp_enabled
--
2.14.1
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
