From patchwork Mon Sep 16 13:28:53 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gert Doering X-Patchwork-Id: 3837 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:c41d:b0:5b9:581e:f939 with SMTP id jt29csp1206731mab; Mon, 16 Sep 2024 06:29:06 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCWMSwNU2fOTG+I31kkvSqMNdJymC8uuVxZ8OldSbdI1J40XIdZ4VSRcO2ErcvvaCPNp2R1zYt/X3mY=@openvpn.net X-Google-Smtp-Source: AGHT+IGTfkFdVcRrISHMv4wcQzxu4AnLM/HUsUobF2DqkrILy7RN1DiMiko2kewSE6ijGADBdXK2 X-Received: by 2002:a05:6602:6b8c:b0:82a:2ad1:d622 with SMTP id ca18e2360f4ac-82d1f986517mr1601489539f.16.1726493346397; Mon, 16 Sep 2024 06:29:06 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1726493346; cv=none; d=google.com; s=arc-20240605; b=A4Q45dNkj8XoftkHbc3ekDSEhxX4to/HSNTQ8sake3GidYWGkOiVFmjzHbceF09DcR NUNzphVi79U8+ge/Rn59J0+rJFdpFMghmm77Q9uegVOk3DtwYISiT9Ig7C+D+mL4VKOa tHTRSLrjngLcMsbgUCpC6NvA8Fh4s+jrrWQaVOjF46f6C+lvpgSobeB64c69SeAT1O5Z K9N9DSA5JuMrp5GOdpG+u07PontFeHGHrKCfK1r/c5z2h2yobr8QR9Mxmxx6YogAFPFO ibykIbvCPaiqPo401aqu7X7+o6FwtlCTHX586fhSVBoSQNnVXMfhwdriZp7W/IyTwVig NL8Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature; bh=AHU/ktf2gJ+tCCyjPrYt/WqPrzA0XHTgJaZLx8YZZ9M=; fh=4NbAC/LsuMLI0S0hprUlLSLCiHwg6SCAifhH718Jh0Q=; b=b3T8qcPjg3aXV3bT1r+NgXrPyOB3t5fK/jIV3iPeEy5shAcv5i3lnzhXt4bVulfwF8 hj4u64y1GhdX6eIaebU/s7Q91GDE5GVDnQbFpm47mlglJzAhi9gv/s/hzrGQt821KrN0 HE0ubgFQXnTSffHgtbUwQAUXhWgFX1EiB2vApKVDJ7pofWrVGYcZTrCWDX22iaxFBAI1 RqU4vFEkuPXKIixcalPrevbG5WxDSA74lBvtvmXKelsjcUPRcp/qjl/2L/AseFzcu2Zx BwpFOaCP5w/p6s2KErCa3qUETbr5KFBnKF3z+2+bNkjI6NgD4/nv96MzUdhSnmcAj3T7 7+vg==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=bC4z9q7q; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b="TFDGo9/S"; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 8926c6da1cb9f-4d37ec0b7aasi2621013173.57.2024.09.16.06.29.06 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 16 Sep 2024 06:29:06 -0700 (PDT) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=bC4z9q7q; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b="TFDGo9/S"; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com) by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1sqBmo-0007pV-Vc; Mon, 16 Sep 2024 13:29:03 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1sqBmn-0007pD-Fh for openvpn-devel@lists.sourceforge.net; Mon, 16 Sep 2024 13:29:02 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=9QFrHflZ4D10BiarFuM0EAoAl+14ZpbH3zAWwSA6Ddo=; b=bC4z9q7qzctCUs+LGc63v9g+mi Pk1ozc/NijAKewRmN600BpucsBOJsKgNbbIHuoBWGpV6SOY2xVgCQ8Yj65KdIUqi07+Iq4paMmOzv dfUWCws+iln4Icb34lCoN8rq+vBoSat6DNsT/dpUSi0xQIr7Rxu7382uqpg9T0SjbWXQ=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=9QFrHflZ4D10BiarFuM0EAoAl+14ZpbH3zAWwSA6Ddo=; b=TFDGo9/SPylFHV1PK7Z1gRYnOt yAWC1u43nqkdeerYYF3k5raykT6oxYgSSTAH5S22ILjSt6SQQOlPpzbFgyNTqu4Ym+7IATGM0eGtX N5aX8XXkygLzIc4SJhevyHWkVDoClQPMGZBbje92EWKX5k+/L5lnMPesUMiU9ff8nUvI=; Received: from dhcp-174.greenie.muc.de ([193.149.48.174] helo=blue.greenie.muc.de) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1sqBmm-0002J5-Nd for openvpn-devel@lists.sourceforge.net; Mon, 16 Sep 2024 13:29:02 +0000 Received: from blue.greenie.muc.de (localhost [127.0.0.1]) by blue.greenie.muc.de (8.17.1.9/8.17.1.9) with ESMTP id 48GDSrWo029434 for ; Mon, 16 Sep 2024 15:28:53 +0200 Received: (from gert@localhost) by blue.greenie.muc.de (8.17.1.9/8.17.1.9/Submit) id 48GDSr9w029433 for openvpn-devel@lists.sourceforge.net; Mon, 16 Sep 2024 15:28:53 +0200 From: Gert Doering To: openvpn-devel@lists.sourceforge.net Date: Mon, 16 Sep 2024 15:28:53 +0200 Message-ID: <20240916132853.29405-1-gert@greenie.muc.de> X-Mailer: git-send-email 2.44.2 In-Reply-To: References: MIME-Version: 1.0 X-Spam-Score: -0.0 (/) X-Spam-Report: Spam detection software, running on the system "util-spamd-2.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Arne Schwabe These warnings served a purpose in OpenVPN 2.6.x to warn people about the changed behaviour. But for 2.7 this is will be more log spam than a helpful message. So only show this warning on a high verbo [...] Content analysis details: (-0.0 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_PASS SPF: sender matches SPF record -0.0 SPF_HELO_PASS SPF: HELO matches SPF record X-Headers-End: 1sqBmm-0002J5-Nd Subject: [Openvpn-devel] [PATCH v1] Move cipher/data-ciphers warning to D_LOW (verb 4) X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1810359487565294559?= X-GMAIL-MSGID: =?utf-8?q?1810359487565294559?= From: Arne Schwabe These warnings served a purpose in OpenVPN 2.6.x to warn people about the changed behaviour. But for 2.7 this is will be more log spam than a helpful message. So only show this warning on a high verbosity level. Change-Id: Ie2797a82ad769cb640440d1ba7dfeb416e7b932d Signed-off-by: Arne Schwabe Acked-by: Gert Doering --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/746 This mail reflects revision 1 of this Change. Acked-by according to Gerrit (reflected above): Gert Doering diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 61f6285..6009e5f 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -3546,7 +3546,7 @@ * parts of OpenVPN assert that the ciphername is set */ o->ciphername = "BF-CBC"; - msg(M_INFO, "Note: --cipher is not set. OpenVPN versions before 2.5 " + msg(D_LOW, "Note: --cipher is not set. OpenVPN versions before 2.5 " "defaulted to BF-CBC as fallback when cipher negotiation " "failed in this case. If you need this fallback please add " "'--data-ciphers-fallback BF-CBC' to your configuration " @@ -3555,7 +3555,7 @@ else if (!o->enable_ncp_fallback && !tls_item_in_cipher_list(o->ciphername, o->ncp_ciphers)) { - msg(M_WARN, "DEPRECATED OPTION: --cipher set to '%s' but missing in " + msg(D_LOW, "DEPRECATED OPTION: --cipher set to '%s' but missing in " "--data-ciphers (%s). OpenVPN ignores --cipher for cipher " "negotiations. ", o->ciphername, o->ncp_ciphers);