Hi Arne, I changed my patch to check for the client and client+pull options, giving an error when neither option is declared.
This however may break current implementations that depend on 'client' not being a required option? Greetings, Merten Subject: [PATCH] Check for client options Require 'client' or 'tls-client'+'pull' to be declared in the config. To prevent other errors, 'client' option is added when 'tls-client' and 'pull' are both declared. Fixes error that --pull is an unknown option.
---
 openvpn/client/cliopt.hpp | 1 -
 openvpn/client/cliopthelper.hpp | 11 ++++++++++-
 openvpn/common/options.hpp | 4 ++--
 3 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/openvpn/client/cliopt.hpp b/openvpn/client/cliopt.hpp
index f7be44a8..8c52a5c0 100644
--- a/openvpn/client/cliopt.hpp
+++ b/openvpn/client/cliopt.hpp
@@ -801,7 +801,6 @@ class ClientOptions : public RC<thread_unsafe_refcount>
 "replay-persist", /* Makes little sense in TLS mode */
 "script-security",
 "sndbuf",
- "tls-client", /* Always enabled */
 "tmp-dir",
 "tun-ipv6", /* ignored in v2 as well */
 "txqueuelen", /* so platforms evaluate that in tun, some do not, do not warn about that */
diff --git a/openvpn/client/cliopthelper.hpp b/openvpn/client/cliopthelper.hpp
index 95aa6664..ad3b4445 100644
--- a/openvpn/client/cliopthelper.hpp
+++ b/openvpn/client/cliopthelper.hpp
@@ -367,13 +367,22 @@ class ParseClientConfig
 bool added = false;
 // client
- if (!options.exists("client"))
+ if (options.exists("client"))
+ {
+ options.touch("tls-client", true);
+ options.touch("pull", true);
+ }
+ else if (options.exists("tls-client") && options.exists("pull"))
 {
 Option opt;
 opt.push_back("client");
 options.push_back(std::move(opt));
 added = true;
 }
+ else
+ {
+ throw option_error("No 'client' or 'tls-client'+'pull' directive declared. Other roles are not supported.");
+ }
 // dev
 if (!options.exists("dev"))
diff --git a/openvpn/common/options.hpp b/openvpn/common/options.hpp
index d594c41a..a813647e 100644
--- a/openvpn/common/options.hpp
+++ b/openvpn/common/options.hpp
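Review bot: In the cliopthelper.hpp hunk, the `else if (options.exists("tls-client") && options.exists("pull"))` branch adds a synthetic `client` option but never touches `tls-client` or `pull`, while the `client` branch touches both. The same commit drops "tls-client" from what looks like the ignored-options list in cliopt.hpp, so a profile that spells the role as `tls-client` + `pull` may still have those two directives reported as unused, if the unused-option check runs on this list; that check is not visible here. Adding `options.touch("tls-client", true);` and `options.touch("pull", true);` at the top of that branch would make the two accepted spellings behave the same. The new `throw option_error(...)` fails closed on a profile with no client role, which is the safer default, but it also rejects a profile carrying only one of `tls-client`/`pull` with a message that does not say which directive is missing. The enclosing function starts and ends outside the hunk.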
@@ -1460,11 +1460,11 @@ class OptionList : public std::vector<Option>, public RCCopyable<thread_unsafe_r
 }
 // Touch an option, if it exists.
- void touch(const std::string &name) const
+ void touch(const std::string &name, bool lightly = false) const
 {
 const Option *o = get_ptr(name);
 if (o)
- o->touch();
+ o->touch(lightly);
 }
 // Render object as a string.
-- 2.41.0
On Thu, 27 Jul 2023 at 11:14, Arne Schwabe <a...@rfc2549.org> wrote: > > Am 27.07.23 um 10:52 schrieb Merten Fermont: > > Fixes error that --pull is an unknown option in client config. > > --- > > openvpn/client/cliopt.hpp | 1 + > > 1 file changed, 1 insertion(+) > > > > diff --git a/openvpn/client/cliopt.hpp b/openvpn/client/cliopt.hpp > > index f7be44a8..431791f3 100644 > > --- a/openvpn/client/cliopt.hpp > > +++ b/openvpn/client/cliopt.hpp > > @@ -797,6 +797,7 @@ class ClientOptions : public RC<thread_unsafe_refcount> > > "mute-replay-warnings", > > "nobind", /* only behaviour in v3 client anyway */ > > "prng", > > + "pull", /* option is implied by 'client' */ > > "rcvbuf", /* present in many configs */ > > "replay-persist", /* Makes little sense in TLS mode */ > > "script-security", > > > While that will work, it would be better to not ignore that option but > handle it in a similar way to --client. In general we should actually > throw an error if neither client or tls-client+pull are present as > OpenVPN3 cannot operate without these in p2p mode. > > Arne > _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
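Review bot: The comment above `OptionList::touch` in options.hpp still reads `// Touch an option, if it exists.` and says nothing about the new `lightly` parameter. Because the parameter is defaulted, existing callers keep compiling unchanged, and the only place its meaning can be learned is `Option::touch`, which is outside the hunk. Extending the comment, for example to `// Touch an option, if it exists; 'lightly' is forwarded to Option::touch().` plus one sentence on how a light touch differs from a full one, would document the new argument where callers see it.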