Mixed udp+tcp configs can not have --explicit-exit-notify in them
today because this option is refused in TCP mode. At the same time,
it was always possible to push the option both in UDP and TCP mode
(with a warning logged in TCP mode, and the option reset to 0).
Do the same thing for local config - warn, and reset to 0.
(Leaving it enabled in TCP mode is harmless, but causes extra error
messages in the log which is undesired behaviour. Maybe one should
just fix the underlying logic for TCP mode instead, but this is more
invasive)
Signed-off-by: Gert Doering <g...@greenie.muc.de>
---
src/openvpn/options.c | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 63cda1e8..7e146db9 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -2266,12 +2266,6 @@ options_postprocess_verify_ce(const struct options
*options,
}
#endif
- if (!proto_is_udp(ce->proto) && ce->explicit_exit_notification)
- {
- msg(M_USAGE,
- "--explicit-exit-notify can only be used with --proto udp");
- }
-
if (!ce->remote && ce->proto == PROTO_TCP_CLIENT)
{
msg(M_USAGE, "--remote MUST be used in TCP Client mode");
@@ -2978,6 +2972,13 @@ options_postprocess_mutate_ce(struct options *o, struct
connection_entry *ce)
connection_entry_preload_key(&ce->tls_crypt_v2_file,
&ce->tls_crypt_v2_file_inline, &o->gc);
}
+
+ if (!proto_is_udp(ce->proto) && ce->explicit_exit_notification)
+ {
+ msg(M_WARN, "NOTICE: --explicit-exit-notify ignored for --proto tcp");
+ ce->explicit_exit_notification = 0;
+ }
+
}
#ifdef _WIN32
--
2.26.3
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
