From patchwork Fri Jul 24 04:04:07 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Schwabe X-Patchwork-Id: 1330 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director7.mail.ord1d.rsapps.net ([172.27.255.56]) by backend30.mail.ord1d.rsapps.net with LMTP id uLUNB5TqGl/iFQAAIUCqbw for ; Fri, 24 Jul 2020 10:05:08 -0400 Received: from proxy5.mail.iad3a.rsapps.net ([172.27.255.56]) by director7.mail.ord1d.rsapps.net with LMTP id wJq9BZTqGl+UGAAAovjBpQ (envelope-from ) for ; Fri, 24 Jul 2020 10:05:08 -0400 Received: from smtp53.gate.iad3a ([172.27.255.56]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy5.mail.iad3a.rsapps.net with LMTP id 0Gj2OZPqGl81LgAAhn5joQ ; Fri, 24 Jul 2020 10:05:07 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp53.gate.iad3a.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=rfc2549.org X-Suspicious-Flag: YES X-Classification-ID: ad7dcc4c-cdb6-11ea-9068-5254009c3572-1-1 Received: from [216.105.38.7] ([216.105.38.7:53080] helo=lists.sourceforge.net) by smtp53.gate.iad3a.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id B0/5C-19370-39AEA1F5; Fri, 24 Jul 2020 10:05:07 -0400 Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.90_1) (envelope-from ) id 1jyyJ9-0008Sp-OU; Fri, 24 Jul 2020 14:04:19 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jyyJ8-0008Sf-Mq for openvpn-devel@lists.sourceforge.net; Fri, 24 Jul 2020 14:04:18 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=References:In-Reply-To:Message-Id:Date:Subject:To: From:Sender:Reply-To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=PXBFvHoWG5xRs/xNrJrlm9X6uv0040HlhXpLIgVJ04E=; b=cBLgCyzP/80enBaAgGJ2vSoU6o 9iOTYqa9JAIwrvChHczYpKvxMdNh63nYk0+BBdiTcBmkkxpKz3Th/yM+9vehfRhqIHOE1dQtFcVlH msaeh5cneo8n5/y/gJJSFFTag/+sb92XzDICtAYP+S7dYfr7hxk1mPLzC2rmRlxCd484=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=References:In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc :MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=PXBFvHoWG5xRs/xNrJrlm9X6uv0040HlhXpLIgVJ04E=; b=P603NjJDfYRhVsQjO8dJz0tMqW WjzyuyKs6ucsJJMS+rcjmyqDWFL7hx7ZHaFbRTbCThkBNJgG19HZqLhZZ3kbwp+niA5brQzXpbyYR ov96yaqnlYhltlvXPoTYNaHhxbkEUQFApNt8bvJ4zInr6nDefzzZGvUQFVQrhBxmjOBc=; Received: from mail.blinkt.de ([192.26.174.232]) by sfi-mx-3.v28.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92.2) id 1jyyJ5-00G1qg-BA for openvpn-devel@lists.sourceforge.net; Fri, 24 Jul 2020 14:04:18 +0000 Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c]) by mail.blinkt.de with smtp (Exim 4.94 (FreeBSD)) (envelope-from ) id 1jyyIy-000LFA-3J for openvpn-devel@lists.sourceforge.net; Fri, 24 Jul 2020 16:04:08 +0200 Received: (nullmailer pid 22438 invoked by uid 10006); Fri, 24 Jul 2020 14:04:07 -0000 From: Arne Schwabe To: openvpn-devel@lists.sourceforge.net Date: Fri, 24 Jul 2020 16:04:07 +0200 Message-Id: <20200724140407.22393-1-arne@rfc2549.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200717134739.21168-1-arne@rfc2549.org> References: <20200717134739.21168-1-arne@rfc2549.org> X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: rfc2549.org] 0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 SPF_NONE SPF: sender does not publish an SPF Record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record X-Headers-End: 1jyyJ5-00G1qg-BA Subject: [Openvpn-devel] [PATCH 10/10] Add a note that ncp-ciphers is replaced by data-ciphers X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox This patch adds a message that informs the user that the ncp-cipher is renamed to data-ciphers. This should address the following concerns: - Users being confused by old options. - Nudge users to use the modern variant of an option The man page already documents ncp-ciphers as an old name for data-ciphers, so looking it up in the man page will also work. Note that I did not add "deprecated old option" to this message since I still think that eventually removing the option will only break configs and we gain almost nothing from that. Also still accepting the option even though we do not recommend usage of it also follows the robustness principle of: "be strict in what you send and tolerant in what you receive" Signed-off-by: Arne Schwabe --- src/openvpn/options.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 5beaba0f..01f0ca0f 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -7939,6 +7939,11 @@ add_option(struct options *options, && p[1] && !p[2]) { VERIFY_PERMISSION(OPT_P_GENERAL|OPT_P_INSTANCE); + if (streq(p[0], "ncp-ciphers")) + { + msg(M_INFO, "Note: Rewriting option '--ncp-ciphers' to " + " '--data-ciphers'"); + } options->ncp_ciphers = p[1]; } else if (streq(p[0], "ncp-disable") && !p[1])