[Openvpn-devel,10/10] Add a note that ncp-ciphers is replaced by data-ciphers

Message ID 20200724140407.22393-1-arne@rfc2549.org
State Superseded
Headers show
Series
  • [Openvpn-devel,1/9] Indicate that a client is in pull mode in IV_PROTO
Related show

Commit Message

Arne Schwabe July 24, 2020, 2:04 p.m.
This patch adds a message that informs the user that the ncp-cipher
is renamed to data-ciphers. This should address the following concerns:

 - Users being confused by old options.
 - Nudge users to use the modern variant of an option

The man page already documents ncp-ciphers as an old name for
data-ciphers, so looking it up in the man page will also work.

Note that I did not add "deprecated old option" to this message
since I still think that eventually removing the option will only
break configs and we gain almost nothing from that.

Also still accepting the option even though we do not recommend usage of
it also follows the robustness principle of:
"be strict in what you send and tolerant in what you receive"

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
---
 src/openvpn/options.c | 5 +++++
 1 file changed, 5 insertions(+)

Comments

Arne Schwabe July 24, 2020, 2:16 p.m. | #1
Am 24.07.20 um 16:04 schrieb Arne Schwabe:
> This patch adds a message that informs the user that the ncp-cipher
> is renamed to data-ciphers. This should address the following concerns:
> 
>  - Users being confused by old options.
>  - Nudge users to use the modern variant of an option
> 
> The man page already documents ncp-ciphers as an old name for
> data-ciphers, so looking it up in the man page will also work.
> 
> Note that I did not add "deprecated old option" to this message
> since I still think that eventually removing the option will only
> break configs and we gain almost nothing from that.
> 
> Also still accepting the option even though we do not recommend usage of
> it also follows the robustness principle of:
> "be strict in what you send and tolerant in what you receive"
> 
> Signed-off-by: Arne Schwabe <arne@rfc2549.org>
> ---
>  src/openvpn/options.c | 5 +++++
>  1 file changed, 5 insertions(+)
> 
> diff --git a/src/openvpn/options.c b/src/openvpn/options.c
> index 5beaba0f..01f0ca0f 100644
> --- a/src/openvpn/options.c
> +++ b/src/openvpn/options.c
> @@ -7939,6 +7939,11 @@ add_option(struct options *options,
>              && p[1] && !p[2])
>      {
>          VERIFY_PERMISSION(OPT_P_GENERAL|OPT_P_INSTANCE);
> +        if (streq(p[0], "ncp-ciphers"))
> +        {
> +            msg(M_INFO, "Note: Rewriting option '--ncp-ciphers' to "
> +                        " '--data-ciphers'");
> +        }
>          options->ncp_ciphers = p[1];
>      }
>      else if (streq(p[0], "ncp-disable") && !p[1])
> 

Sorry, send out an old version. V2 incoming.

Arne

Patch

diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 5beaba0f..01f0ca0f 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -7939,6 +7939,11 @@  add_option(struct options *options,
             && p[1] && !p[2])
     {
         VERIFY_PERMISSION(OPT_P_GENERAL|OPT_P_INSTANCE);
+        if (streq(p[0], "ncp-ciphers"))
+        {
+            msg(M_INFO, "Note: Rewriting option '--ncp-ciphers' to "
+                        " '--data-ciphers'");
+        }
         options->ncp_ciphers = p[1];
     }
     else if (streq(p[0], "ncp-disable") && !p[1])