summaryrefslogtreecommitdiff
path: root/src/openvpn/init.c
diff options
context:
space:
mode:
authorAlberto Gonzalez Iniesta <agi@inittab.org>2013-05-17 12:00:05 +0200
committerAlberto Gonzalez Iniesta <agi@inittab.org>2013-05-17 12:00:05 +0200
commit7da22c96dd646047e97732832331c84528bdc95e (patch)
tree182180f14a3e23d52308d40654e1cf06b554944c /src/openvpn/init.c
parent8a59dafbd02d0ee1faaf674f4420cdc412f13aea (diff)
parentfcc893c0d8d245525cfb023b6e2a8aae086304cf (diff)
Merge tag 'upstream/2.3.1'
Upstream version 2.3.1
Diffstat (limited to 'src/openvpn/init.c')
-rw-r--r--src/openvpn/init.c7
1 files changed, 3 insertions, 4 deletions
diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 25d8225..979ba23 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -2205,7 +2205,8 @@ do_init_crypto_tls (struct context *c, const unsigned int flags)
to.verify_command = options->tls_verify;
to.verify_export_cert = options->tls_export_cert;
- to.verify_x509name = options->tls_remote;
+ to.verify_x509_type = (options->verify_x509_type & 0xff);
+ to.verify_x509_name = options->verify_x509_name;
to.crl_file = options->crl_file;
to.ssl_flags = options->ssl_flags;
to.ns_cert_type = options->ns_cert_type;
@@ -2467,12 +2468,10 @@ do_option_warnings (struct context *c)
warn_on_use_of_common_subnets ();
if (o->tls_client
&& !o->tls_verify
- && !o->tls_remote
+ && o->verify_x509_type == VERIFY_X509_NONE
&& !(o->ns_cert_type & NS_CERT_CHECK_SERVER)
&& !o->remote_cert_eku)
msg (M_WARN, "WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.");
- if (o->tls_remote)
- msg (M_WARN, "WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).");
#endif
#endif