From patchwork Thu Nov 27 11:57:32 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gert Doering X-Patchwork-Id: 4643 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:6c3:b0:7b1:439f:bdf with SMTP id j3csp4022520maw; Thu, 27 Nov 2025 03:57:55 -0800 (PST) X-Forwarded-Encrypted: i=2; AJvYcCUcdKhntt9JLS5Ftbko4BLasJeIC8cJlmELb8eyQuy4JfaI1pB9xt1KlnL8NlAPhGfirb9C8GogpU0=@openvpn.net X-Google-Smtp-Source: AGHT+IGdrre/w6jiDkA2vdovpSTlzxn/Lio9q9YNSb1PgiJMioa79YapHbZ1ylwVcwCcG07+Td9H X-Received: by 2002:a05:6808:6706:b0:450:b8da:b80e with SMTP id 5614622812f47-45112875122mr9990101b6e.2.1764244675468; Thu, 27 Nov 2025 03:57:55 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1764244675; cv=none; d=google.com; s=arc-20240605; b=XVXwNvsX7YF20wxqJCUrV4Qr5q/Xpr1stv1h45dXIHEkA71DBsCqSXauW8XH+LNnI9 CSQ5/OLOw9dyxupyq8+doJBqVi6ayoHnyLsoNKiM68ieooUBiRHurdR59GHl6u+Dy/zU HAUOfUGjfIyiwrfi1OgXpgYDN7Yc2t/nwxlQ/h+HJ/itVG3qYXAZJXoErZ/SGIhwwOp/ POg2Ekyynn5eF9JJNCv+Hki7wsrunhlNSjIqcaQNdRYnU+1dL+yXNKff6rmenikCCs0d f84pebSSbo4kgVdbuF/gLbxHlWGhPQ4Zc3KHb3Odo7oH8Y3bsoTaWopWRm+oa8//v3tv yViQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature:dkim-signature; bh=bEhjt6pMflY5TWKG7eZ1Uj52sfU/t4UFPJyQMs7Fei8=; fh=4NbAC/LsuMLI0S0hprUlLSLCiHwg6SCAifhH718Jh0Q=; b=kov6TMod35tI2PikhMDFR3NrTVuOAIxDvnsqKglizL+2FBt5x/p7MVlkvy6hXruHCL QE3JpQKuROWEWSVQacjcUtT6HiUjdlWvoG3i1Twoj8nzyzBcGEX9PjjFs2ucQR/mzhS5 YZfJ4fjlWFSbjkaK9Oau6Jxbah1dILFO/tvy5kYi68wGpmfHN/ojvVSq9RHscLe3RBej Mcwsd1Llc+R4k85stsy0l/rrQGze2gKLQ0Cc1+gOfUAmlUIRhrq5zeRKhWHqqutCLIfZ v0fkh0PG63SPI0spYsne9XG2gbPTNPBRUrKg8ambv+fDadxXGLJfaAlOee6YEvZzr0WH cU/Q==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=DQyhtcFC; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b="k4tLh/GR"; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=ghU+IwBA; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 586e51a60fabf-3f0dcff4642si170553fac.754.2025.11.27.03.57.55 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 27 Nov 2025 03:57:55 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=DQyhtcFC; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b="k4tLh/GR"; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=ghU+IwBA; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type: List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id: Subject:MIME-Version:References:In-Reply-To:Message-ID:Date:To:From:Sender: Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=bEhjt6pMflY5TWKG7eZ1Uj52sfU/t4UFPJyQMs7Fei8=; b=DQyhtcFCWRfUsfx7Dv61dGpkaX 4gFsiJdQUWYX3UK1Skk18xtMA1X64P1p43yAAsc7KdHf1wb6YNDgIc7yYMIlisusc8Zo6B9ycxxuA Y/ceZ3xGnLe/03e8ncWVEkhq8rQ/JxWWnXhZIqSIJQ3Vdst6w1TSyAQ9EGA5ZNcz9qbE=; Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com) by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1vOadE-0006W0-EN; Thu, 27 Nov 2025 11:57:52 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1vOadC-0006Vt-OA for openvpn-devel@lists.sourceforge.net; Thu, 27 Nov 2025 11:57:50 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=9uDH33HJwNFNpJZncgBVryqhaepaAVgh5qyxJZxEIBg=; b=k4tLh/GR2pW2nbkDNuB1s5HRgH H3m53yTfWdjg3woYx/MOB0sbexvea2DruM7eAec/cnbilBjxQI9LHQNw+Mbwt0Eh3R92IZOuok5WQ xhlFBO8g60QIs4oVAzX+3zqNZfTYaN+nrlkOALTvJiBho+oFhIAKia9/DTxF7XcsPWac=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=9uDH33HJwNFNpJZncgBVryqhaepaAVgh5qyxJZxEIBg=; b=ghU+IwBAmQDtrIDU/LYLjBG0Gy WszEitPLHQCPPcRmnH7kJ5rm46TrZNQOoan9a0ZeAXEo3z6+6R06BiHBf2XCAenJbbi7+nGbr7o6K qxSMTXee6Ss33ia375FDAoronggCbV1hRBHHd9FHLdJHLWv5dEuPto4Pynpfd3oJXNGU=; Received: from [193.149.48.134] (helo=blue.greenie.muc.de) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1vOadB-0000E4-L1 for openvpn-devel@lists.sourceforge.net; Thu, 27 Nov 2025 11:57:50 +0000 Received: from blue.greenie.muc.de (localhost [127.0.0.1]) by blue.greenie.muc.de (8.18.1/8.18.1) with ESMTP id 5ARBvcVW003618 for ; Thu, 27 Nov 2025 12:57:38 +0100 Received: (from gert@localhost) by blue.greenie.muc.de (8.18.1/8.18.1/Submit) id 5ARBvcOS003617 for openvpn-devel@lists.sourceforge.net; Thu, 27 Nov 2025 12:57:38 +0100 From: Gert Doering To: openvpn-devel@lists.sourceforge.net Date: Thu, 27 Nov 2025 12:57:32 +0100 Message-ID: <20251127115737.3598-1-gert@greenie.muc.de> X-Mailer: git-send-email 2.51.2 In-Reply-To: References: MIME-Version: 1.0 X-Spam-Score: 1.3 (+) X-Spam-Report: Spam detection software, running on the system "sfi-spamd-1.hosts.colo.sdot.me", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: This option was removed in 2.5 (commit c3f565f059) but still showed up in the ``openvpn --help`` text and in a Q&A section of the man page. Change-Id: Ib15bd4148872db39a4c8291796a5da211bb20a87 Signed-off-by: Gert Doering Acked-by: Frank Lichtenheld Gerrit URL: https://gerrit.openvpn.net/c/open [...] Content analysis details: (1.3 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS X-Headers-End: 1vOadB-0000E4-L1 Subject: [Openvpn-devel] [PATCH v1] Remove remainders of --no-name-remaping option X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1849944624475293099?= X-GMAIL-MSGID: =?utf-8?q?1849944624475293099?= This option was removed in 2.5 (commit c3f565f059) but still showed up in the ``openvpn --help`` text and in a Q&A section of the man page. Change-Id: Ib15bd4148872db39a4c8291796a5da211bb20a87 Signed-off-by: Gert Doering Acked-by: Frank Lichtenheld Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1411 --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1411 This mail reflects revision 1 of this Change. Acked-by according to Gerrit (reflected above): Frank Lichtenheld diff --git a/doc/man-sections/script-options.rst b/doc/man-sections/script-options.rst index 670cd33..cadd464 100644 --- a/doc/man-sections/script-options.rst +++ b/doc/man-sections/script-options.rst @@ -571,8 +571,8 @@ a filename, etc. *Q: Can string remapping be disabled?* - Yes, by using the ``--no-name-remapping`` option, however this - should be considered an advanced option. + No. The options ``--no-name-remapping`` and ``--compat-names`` have + been removed in 2.5 because they were considered too insecure. Here is a brief rundown of OpenVPN's current string types and the permitted character class for each string: diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 4794315..0257418f 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -474,8 +474,6 @@ " for generated tokens can be set.\n" "--auth-user-pass-optional : Allow connections by clients that don't\n" " specify a username/password.\n" - "--no-name-remapping : (DEPRECATED) Allow Common Name and X509 Subject to include\n" - " any printable character.\n" "--client-to-client : Internally route client-to-client traffic.\n" "--duplicate-cn : Allow multiple clients with the same common name to\n" " concurrently connect.\n"