The do_deferred_options() function is invoked also on the server side in order to process all negotiated bits.
However, in this case we should not perform any pull options check, as it's required only on the client side. Move check within the "if (options.pull)" block to ensure we perform the check only when required. Reported-By: Gert Doering <[email protected]> Signed-off-by: Antonio Quartulli <[email protected]> --- src/openvpn/init.c | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 2e7544de..b6705921 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -2402,22 +2402,23 @@ do_deferred_options(struct context *c, const unsigned int found) c->c2.tls_multi->peer_id = c->options.peer_id; } - /* process (potentially pushed) crypto options */ + /* process (potentially) pushed options */ if (c->options.pull) { if (!check_pull_client_ncp(c, found)) { return false; } - } - /* Check if pushed options are compatible with DCO, if enabled */ - if (dco_enabled(&c->options) - && !dco_check_pull_options(D_PUSH_ERRORS, &c->options)) - { - msg(D_PUSH_ERRORS, "OPTIONS ERROR: pushed options are incompatible with " - "data channel offload. Use --disable-dco to connect to this server"); - return false; + /* Check if pushed options are compatible with DCO, if enabled */ + if (dco_enabled(&c->options) + && !dco_check_pull_options(D_PUSH_ERRORS, &c->options)) + { + msg(D_PUSH_ERRORS, "OPTIONS ERROR: pushed options are incompatible " + "with data channel offload. Use --disable-dco to connect to " + "this server"); + return false; + } } return true; -- 2.35.1 _______________________________________________ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
