From patchwork Sat Dec 10 13:44:27 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Arne Schwabe
X-Patchwork-Id: 2894
From: Arne Schwabe
To: openvpn-devel@lists.sourceforge.net
Date: Sat, 10 Dec 2022 14:44:27 +0100
Message-Id: <20221210134427.1433419-1-arne@rfc2549.org>
X-Mailer: git-send-email 2.25.1
Subject: [Openvpn-devel] [PATCH] Disable DCO when TLS mode is not used

This disables DCO in both --secret mode and when no encryption/TLS is used.
Also aligns the message with the deprecation warning we have in place.

Signed-off-by: Arne Schwabe
Acked-by: Gert Doering
Acked-by: Antonio Quartulli
---
 src/openvpn/dco.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c index 6358d53f9..5cce3f641 100644 --- a/src/openvpn/dco.c +++ b/src/openvpn/dco.c @@ -275,9 +275,10 @@ dco_check_startup_option(int msglevel, const struct options *o) return false; } - if (o->shared_secret_file) + if (!o->tls_client && !o->tls_server) { - msg(msglevel, "--secret is set. Disabling data channel offload"); + msg(msglevel, "No tls-client or tls-server option in configuration " + "detected. Disabling data channel offload."); return false; }
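
Review bot: the new condition in dco_check_startup_option(), "!o->tls_client && !o->tls_server", drops the explicit o->shared_secret_file test, so --secret mode is still refused only if a static key can never be configured together with tls-client or tls-server, and nothing in this hunk establishes that. Either keep the old test alongside the new one (o->shared_secret_file || (!o->tls_client && !o->tls_server)) or add a short comment above the check naming the place where that combination is rejected, so the static-key case cannot reach the offload path if option validation changes later. The new message also no longer mentions --secret; a user running a static-key configuration is told only that tls-client/tls-server is missing, so consider naming --secret in the text or in the --disable-dco documentation.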