From patchwork Fri Jul 24 04:25:57 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Arne Schwabe <arne@rfc2549.org>
X-Patchwork-Id: 1332
Return-Path: <openvpn-devel-bounces@lists.sourceforge.net>
Delivered-To: patchwork@openvpn.net
Delivered-To: patchwork@openvpn.net
Received: from director11.mail.ord1d.rsapps.net ([172.30.191.6])
	by backend30.mail.ord1d.rsapps.net with LMTP id uElwOKXvGl97YwAAIUCqbw
	for <patchwork@openvpn.net>; Fri, 24 Jul 2020 10:26:45 -0400
Received: from proxy8.mail.ord1d.rsapps.net ([172.30.191.6])
	by director11.mail.ord1d.rsapps.net with LMTP
	id iKE5OKXvGl8MUAAAvGGmqA
	(envelope-from <openvpn-devel-bounces@lists.sourceforge.net>)
	for <patchwork@openvpn.net>; Fri, 24 Jul 2020 10:26:45 -0400
Received: from smtp35.gate.ord1d ([172.30.191.6])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	by proxy8.mail.ord1d.rsapps.net with LMTP id eDQbOKXvGl+NHwAAGdz6CA
	; Fri, 24 Jul 2020 10:26:45 -0400
X-Spam-Threshold: 95
X-Spam-Score: 0
X-Spam-Flag: NO
X-Virus-Scanned: OK
X-Orig-To: openvpnslackdevel@openvpn.net
X-Originating-Ip: [216.105.38.7]
Authentication-Results: smtp35.gate.ord1d.rsapps.net;
 iprev=pass policy.iprev="216.105.38.7";
 spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net"
 smtp.helo="lists.sourceforge.net";
 dkim=fail (signature verification failed) header.d=sourceforge.net;
 dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil;
 dis=none) header.from=rfc2549.org
X-Suspicious-Flag: YES
X-Classification-ID: b3099e4a-cdb9-11ea-bbe8-525400a7b7b4-1-1
Received: from [216.105.38.7] ([216.105.38.7:46260]
 helo=lists.sourceforge.net)
	by smtp35.gate.ord1d.rsapps.net (envelope-from
 <openvpn-devel-bounces@lists.sourceforge.net>)
	(ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384)
	id 3C/68-04630-4AFEA1F5; Fri, 24 Jul 2020 10:26:45 -0400
Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com)
	by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.90_1)
	(envelope-from <openvpn-devel-bounces@lists.sourceforge.net>)
	id 1jyyeF-0008NR-27; Fri, 24 Jul 2020 14:26:07 +0000
Received: from [172.30.20.202] (helo=mx.sourceforge.net)
 by sfs-ml-4.v29.lw.sourceforge.com with esmtps
 (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1)
 (envelope-from <arne@kamera.blinkt.de>) id 1jyyeD-0008NK-Mq
 for openvpn-devel@lists.sourceforge.net; Fri, 24 Jul 2020 14:26:05 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 d=sourceforge.net; s=x; h=References:In-Reply-To:Message-Id:Date:Subject:To:
 From:Sender:Reply-To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:
 Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:
 Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:
 List-Subscribe:List-Post:List-Owner:List-Archive;
 bh=wQd6Bv0anFnpQHX9CGPN6uBa/PpYsTJdLgX3BeHA3Tc=; b=R9TMIJxUolF4xthV3PIce2/pXR
 Hct1C/atGWDmHTUa0KWKzC9RMcPaPOiYGL8dvPbPsjuW9fKg+4ObOtknvVNTX8s/8wqSn/lva0NkX
 UqWbIuQlqP74NOGbcyrqeX/QFUg0DdyIe3d11dUmDpjBO977HQ3AA4JN9jgOm7Uzygis=;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x
 ;
 h=References:In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc
 :MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:
 Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
 :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
 List-Post:List-Owner:List-Archive;
 bh=wQd6Bv0anFnpQHX9CGPN6uBa/PpYsTJdLgX3BeHA3Tc=; b=JWRe2SatNdtQwU4yjQsR2XTtVB
 v+KQ/qysn79/avVDsqDt92EmcMtFiCxwlsEBGc7+SdU0uevVqQ4vRVR+RLopAEyT52aq0uYIq0Qr4
 +aHlUw0u5wA8B7Ya+MRb5N1hWGTkJYIF/cYBfmzW7+A1qO4b8r3CikSInXiJak6wqMOI=;
Received: from mail.blinkt.de ([192.26.174.232])
 by sfi-mx-4.v28.lw.sourceforge.com with esmtps
 (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92.2)
 id 1jyyeC-001TNp-HQ
 for openvpn-devel@lists.sourceforge.net; Fri, 24 Jul 2020 14:26:05 +0000
Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c])
 by mail.blinkt.de with smtp (Exim 4.94 (FreeBSD))
 (envelope-from <arne@kamera.blinkt.de>) id 1jyye5-000LMN-8d
 for openvpn-devel@lists.sourceforge.net; Fri, 24 Jul 2020 16:25:57 +0200
Received: (nullmailer pid 25249 invoked by uid 10006);
 Fri, 24 Jul 2020 14:25:57 -0000
From: Arne Schwabe <arne@rfc2549.org>
To: openvpn-devel@lists.sourceforge.net
Date: Fri, 24 Jul 2020 16:25:57 +0200
Message-Id: <20200724142557.25204-1-arne@rfc2549.org>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20200717134739.21168-1-arne@rfc2549.org>
References: <20200717134739.21168-1-arne@rfc2549.org>
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
 See http://spamassassin.org/tag/ for more details.
 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
 See
 http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
 for more information. [URIs: rfc2549.org]
 0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail
 domains are different
 0.0 SPF_NONE               SPF: sender does not publish an SPF Record
 0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
X-Headers-End: 1jyyeC-001TNp-HQ
Subject: [Openvpn-devel] [PATCH v2 10/10] Add a note that ncp-ciphers is
 replaced by data-ciphers
X-BeenThere: openvpn-devel@lists.sourceforge.net
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <openvpn-devel.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/options/openvpn-devel>,
 <mailto:openvpn-devel-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: 
 <http://sourceforge.net/mailarchive/forum.php?forum_name=openvpn-devel>
List-Post: <mailto:openvpn-devel@lists.sourceforge.net>
List-Help: <mailto:openvpn-devel-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/openvpn-devel>,
 <mailto:openvpn-devel-request@lists.sourceforge.net?subject=subscribe>
MIME-Version: 1.0
Errors-To: openvpn-devel-bounces@lists.sourceforge.net
X-getmail-retrieved-from-mailbox: Inbox

This patch adds a message that informs the user that the ncp-cipher
is renamed to data-ciphers. This should address the following concerns:

 - Users being confused by old options.
 - Nudge users to use the modern variant of an option

The man page already documents ncp-ciphers as an old name for
data-ciphers, so looking it up in the man page will also work.

Note that I did not add "deprecated old option" to this message
since I still think that eventually removing the option will only
break configs and we gain almost nothing from that.

Also still accepting the option even though we do not recommend usage of
it also follows the robustness principle of:
"be strict in what you send and tolerant in what you receive"

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
---
 src/openvpn/options.c | 5 +++++
 1 file changed, 5 insertions(+)

2.26.2

diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 5beaba0f..2cff9473 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -7939,7 +7939,11 @@ add_option(struct options *options,
             && p[1] && !p[2])
     {
         VERIFY_PERMISSION(OPT_P_GENERAL|OPT_P_INSTANCE);
+        if (streq(p[0], "ncp-ciphers"))
+        {
+            msg(M_INFO, "Note: Treating option '--ncp-ciphers' as "
+                        " '--data-ciphers' (renamed in OpenVPN 2.5).");
+        }
         options->ncp_ciphers = p[1];
     }
     else if (streq(p[0], "ncp-disable") && !p[1])
--