aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--init.c2
-rw-r--r--options.h4
2 files changed, 5 insertions, 1 deletions
diff --git a/init.c b/init.c
index 20b6d8b..b4ff6cd 100644
--- a/init.c
+++ b/init.c
@@ -1671,7 +1671,7 @@ do_option_warnings (struct context *c)
&& !o->tls_verify
&& !o->tls_remote
&& !(o->ns_cert_type & NS_SSL_SERVER)
- && !o->remote_cert_eku[0])
+ && (o->remote_cert_eku == NULL || !o->remote_cert_eku[0]))
msg (M_WARN, "WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.");
#endif
#endif
diff --git a/options.h b/options.h
index 32e511c..3c3c202 100644
--- a/options.h
+++ b/options.h
@@ -396,6 +396,8 @@ struct options
int ns_cert_type; /* set to 0, NS_SSL_SERVER, or NS_SSL_CLIENT */
unsigned remote_cert_ku[MAX_PARMS];
const char *remote_cert_eku;
+
+#ifdef ENABLE_PKCS11
const char *pkcs11_providers[MAX_PARMS];
const char *pkcs11_sign_mode[MAX_PARMS];
const char *pkcs11_slot_type;
@@ -405,6 +407,8 @@ struct options
int pkcs11_pin_cache_period;
bool pkcs11_protected_authentication;
bool pkcs11_cert_private;
+#endif
+
#ifdef WIN32
const char *cryptoapi_cert;
#endif