From patchwork Sun Oct  7 06:52:15 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steffan Karger <steffan@karger.me>
X-Patchwork-Id: 499
Return-Path: <openvpn-devel-bounces@lists.sourceforge.net>
Delivered-To: patchwork@openvpn.net
Delivered-To: patchwork@openvpn.net
Received: from director9.mail.ord1d.rsapps.net ([172.30.191.6])
	by backend30.mail.ord1d.rsapps.net with LMTP id +FF4HyRIulvpbAAAIUCqbw
	for <patchwork@openvpn.net>; Sun, 07 Oct 2018 13:53:40 -0400
Received: from proxy16.mail.ord1d.rsapps.net ([172.30.191.6])
	by director9.mail.ord1d.rsapps.net with LMTP id aIJfHyRIuluKQwAAalYnBA
	; Sun, 07 Oct 2018 13:53:40 -0400
Received: from smtp1.gate.ord1c ([172.30.191.6])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	by proxy16.mail.ord1d.rsapps.net with LMTP id ACYQHyRIultgXQAAetu3IA
	; Sun, 07 Oct 2018 13:53:40 -0400
X-Spam-Threshold: 95
X-Spam-Score: 0
X-Spam-Flag: NO
X-Virus-Scanned: OK
X-Orig-To: openvpnslackdevel@openvpn.net
X-Originating-Ip: [216.105.38.7]
Authentication-Results: smtp1.gate.ord1c.rsapps.net;
 iprev=pass policy.iprev="216.105.38.7";
 spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net"
 smtp.helo="lists.sourceforge.net";
 dkim=fail (signature verification failed) header.d=sourceforge.net;
 dkim=fail (signature verification failed) header.d=sf.net;
 dkim=fail (signature verification failed)
 header.d=karger-me.20150623.gappssmtp.com; dmarc=none (p=nil;
 dis=none) header.from=karger.me
X-Suspicious-Flag: YES
X-Classification-ID: ebcf35ce-ca59-11e8-8326-842b2b47c027-1-1
Received: from [216.105.38.7] ([216.105.38.7:54658]
 helo=lists.sourceforge.net)
	by smtp1.gate.ord1c.rsapps.net (envelope-from
 <openvpn-devel-bounces@lists.sourceforge.net>)
	(ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384)
	id 63/30-20741-3284ABB5; Sun, 07 Oct 2018 13:53:39 -0400
Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com)
	by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.90_1)
	(envelope-from <openvpn-devel-bounces@lists.sourceforge.net>)
	id 1g9DEH-000178-Mf; Sun, 07 Oct 2018 17:52:33 +0000
Received: from [172.30.20.202] (helo=mx.sourceforge.net)
 by sfs-ml-4.v29.lw.sourceforge.com with esmtps
 (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1)
 (envelope-from <steffan@karger.me>) id 1g9DEG-000170-B5
 for openvpn-devel@lists.sourceforge.net; Sun, 07 Oct 2018 17:52:32 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 d=sourceforge.net; s=x; h=References:In-Reply-To:Message-Id:Date:Subject:Cc:
 To:From:Sender:Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding:
 Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:
 Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:
 List-Subscribe:List-Post:List-Owner:List-Archive;
 bh=wojMu21J09P7j5oD9KpQwQ2rvNNVdVGv0z2goSg47RU=; b=JDhDdkHbUuqCLtoG38oeyVOkRd
 kEk1SZD+onQXL2a/80/rQ03iioYbFyuTKXtSkfVpCaK0Viq1FsRZLjEX+RUzfVDSwVMKQsIlwRJqy
 NQXEqL1aEvhPcn+APGHY9jMDKBWUWmzZ/CGW/u/VrNfUo9KFc6WKAetd8v5T8a/0SswQ=;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x
 ;
 h=References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To
 :MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:
 Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
 :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
 List-Post:List-Owner:List-Archive;
 bh=wojMu21J09P7j5oD9KpQwQ2rvNNVdVGv0z2goSg47RU=; b=mCdNL1kWLRkadiL+UVSX/wNh/Q
 AEwqQh6E5gZpEI1UhjXIZ588XTOcQVu4deDsCBv0NP9RpGmM9uMOKKoRTVAQwNlWL3Zx5rIjfZma5
 Ih0++gRqo6Ve9IwTR0ws9z4CjET6AeEjwUKzHEn3mIVmjZixsmb4jaB/meizpajqYigk=;
Received: from mail-ed1-f66.google.com ([209.85.208.66])
 by sfi-mx-1.v28.lw.sourceforge.com with esmtps
 (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.90_1)
 id 1g9DEC-002btA-Uq
 for openvpn-devel@lists.sourceforge.net; Sun, 07 Oct 2018 17:52:32 +0000
Received: by mail-ed1-f66.google.com with SMTP id z21-v6so11230681edb.11
 for <openvpn-devel@lists.sourceforge.net>;
 Sun, 07 Oct 2018 10:52:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=karger-me.20150623.gappssmtp.com; s=20150623;
 h=from:to:cc:subject:date:message-id:in-reply-to:references;
 bh=wojMu21J09P7j5oD9KpQwQ2rvNNVdVGv0z2goSg47RU=;
 b=oEPzhLoQMfVFbJ3LQnQDFyZDZJ1SQmfJvoLzq2bVGWXFM5rj4KOML5P8rg2D9JKslN
 KIidsMFrLQnc4MaMiRZIGlntWeDhF9Tqdoh0Btz4zEBXhSqNBxV5c0WVfjI1kflJhMFP
 zsF6peUT02djG1rLi1BzSHl5mZl58vt8qUn+9MBDb2WXysTIEjpoxf44CkrgQPZ8Dbhd
 ALHSnMhzuagQC68NEZ/7xb0/rtThXYC8b9jvWhaEQGP8yaysjWP5zaWF9QZJj8+ekPfn
 twF5cjt4jBOGVBSrZrhhFwFQEN1a6NpIYkiC+Vudy+qKTkMeWKeINeXzcJtiXbuVV89P
 RiiA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references;
 bh=wojMu21J09P7j5oD9KpQwQ2rvNNVdVGv0z2goSg47RU=;
 b=RPNy/p4WGUOk32sLVg4HBNzfs6gE8jJTCSmQEj60+ox2lPfK29bHsDjpV+UwmfL48c
 y8nx5G5g3o/+ihbzWD1cQIrF5WjCP6/MOXgmCt1BOTYcZAh8XvmAefmtnQtox9sQMVgS
 IQMcWZ/AAQbldWrkCIWX71p1emYHuddP5b5PPcCNVQvw8mlKr/3hEL/6j8u3ooSupgim
 kFplBDQwCTOdvJOokezr3IQWHdQ0SyXzF6Xvg9uKXbewrItZrgJ1VFQIAhAnw8f8pD9r
 N8yPIluDlJ452xS6kYqgwmye6oDT1yM+Fjcw2NNxQ38FifDVFd9+16kdCcye3e9kvX8+
 UsRg==
X-Gm-Message-State: ABuFfohWIABNAbyn2cud1JDp16gEyNAF5qYVVl9BjYJ0gNs4NN5RADYO
 LY5RjKPmpL52iyBv1LBTlnOg+WYsG/HW1w==
X-Google-Smtp-Source: 
 ACcGV614yUgpQO2koi2t+OmvEGECPAWx1uo/b3KrefYoGsQM7SeIhs+PhrqjNshki3y3/36vtqm1Dg==
X-Received: by 2002:a17:906:2ce:: with SMTP id
 14-v6mr20280555ejk.66.1538934741909;
 Sun, 07 Oct 2018 10:52:21 -0700 (PDT)
Received: from localhost.localdomain ([2001:985:e54:1050::1000])
 by smtp.gmail.com with ESMTPSA id 7-v6sm1256230ejy.11.2018.10.07.10.52.20
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Sun, 07 Oct 2018 10:52:21 -0700 (PDT)
From: Steffan Karger <steffan@karger.me>
To: openvpn-devel@lists.sourceforge.net
Date: Sun,  7 Oct 2018 19:52:15 +0200
Message-Id: <20181007175215.25009-1-steffan@karger.me>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20181007130123.GD962@greenie.muc.de>
References: <20181007130123.GD962@greenie.muc.de>
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
 See http://spamassassin.org/tag/ for more details.
 -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at http://www.dnswl.org/, no
 trust [209.85.208.66 listed in list.dnswl.org]
 -0.0 RCVD_IN_MSPIKE_H2      RBL: Average reputation (+2)
 [209.85.208.66 listed in wl.mailspike.net]
 -0.0 SPF_PASS               SPF: sender matches SPF record
 -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature,
 not necessarily valid
 -0.0 DKIMWL_WL_MED          DKIMwl.org - Whitelisted Medium sender
 -0.0 AWL AWL: Adjusted score from AWL reputation of From: address
X-Headers-End: 1g9DEC-002btA-Uq
Subject: [Openvpn-devel] [PATCH v2] Don't print OCC warnings about
 'key-method', 'keydir' and 'tls-auth'
X-BeenThere: openvpn-devel@lists.sourceforge.net
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <openvpn-devel.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/options/openvpn-devel>,
 <mailto:openvpn-devel-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: 
 <http://sourceforge.net/mailarchive/forum.php?forum_name=openvpn-devel>
List-Post: <mailto:openvpn-devel@lists.sourceforge.net>
List-Help: <mailto:openvpn-devel-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/openvpn-devel>,
 <mailto:openvpn-devel-request@lists.sourceforge.net?subject=subscribe>
MIME-Version: 1.0
Errors-To: openvpn-devel-bounces@lists.sourceforge.net
X-getmail-retrieved-from-mailbox: Inbox

From: Steffan Karger <steffan.karger@fox-it.com>

Like 'proto', a mismatch in key-method, keydir or tls-auth would fail
before we ever get to the point where we can print this warning.

This prepares for removing these from the occ string later on, but also
prepares for tls-crypt-v2, which allows a server to support tls-auth and
tls-crypt-v2 connections in parallel. Such a server will send 'keydir'
and 'tls-auth' in the occ string. This change removes the spurious
warnings about that in the client log.

Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
---
v2: use strprefix instead of strcmp, and add tun-ipv6.

 src/openvpn/options.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 2199af53..45c5ea64 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -3788,11 +3788,15 @@ options_warning_safe_scan2(const int msglevel,
                            const char *b1_name,
                            const char *b2_name)
 {
-    /* we will stop sending 'proto xxx' in OCC in a future version
-     * (because it's not useful), and to reduce questions when
-     * interoperating, we start not-printing a warning about it today
+    /* We will stop sending 'key-method', 'keydir', 'proto' and 'tls-auth' in
+     * OCC in a future version (because it's not useful). To reduce questions
+     * when interoperating, we no longer printing a warning about it.
      */
-    if (strncmp(p1, "proto ", 6) == 0)
+    if (strprefix(p1, "key-method ")
+        || strprefix(p1, "keydir ")
+        || strprefix(p1, "proto ")
+        || strprefix(p1, "tls-auth ")
+        || strprefix(p1, "tun-ipv6 "))
     {
         return;
     }