From patchwork Mon Sep 16 13:04:05 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "ralf_lici (Code Review)" X-Patchwork-Id: 3832 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:c41d:b0:5b9:581e:f939 with SMTP id jt29csp1191567mab; Mon, 16 Sep 2024 06:04:29 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCUicEh09RmATb/HOWYwE0VTZadaN7/ervwR9PP4NxavhFax5szgbcYSiA3jmuQ0xwd+1+ZTdN5aF60=@openvpn.net X-Google-Smtp-Source: AGHT+IERBhA3TjiasJ1Y+nZ3cHsUhXc/6Xlu8puk0LytEFhUipbOGsUhQSw55slxcrujN7AHh3yz X-Received: by 2002:a05:6e02:b4d:b0:39f:51b8:5e05 with SMTP id e9e14a558f8ab-3a08495477fmr107700095ab.16.1726491869463; Mon, 16 Sep 2024 06:04:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1726491869; cv=none; d=google.com; s=arc-20240605; b=FYS8y7mK4Pjhy30dnJEZkVZHhjVsoVem87qtXqg2c6uEP3rzI8vqC/bYUtcD1nLo7K Moh9W2GQas8logsJc/GvvLGg4wP4TCdtcXpnG6/SByJdx4Y4Hk+fVt+fHEZ3qnv77V2b hvnCye98azezYgM6eg2XnHiRyeM0uw4vRivapRDSyYt5V5l1RFJ/1pYiApnABUDa6vLt NZ8XcppZbWVZo/nQh2w9f/VKTXCg5INC5b6Gq0Y13zY6ScOdAIxmm9p3lN9JZpEqH/8M esBxz3Ulo4ZjFueWC0e90pW6B0snzaWQW2BvkbDW7pJ+yulkr1BC5gv4hkncoSSVGYPk gscA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:cc:reply-to:list-subscribe:list-help:list-post :list-archive:list-unsubscribe:list-id:precedence:subject:user-agent :mime-version:message-id:references:auto-submitted:to:date:from :dkim-signature:dkim-signature:dkim-signature; bh=m+gswDj/7PWKs+Dnf63dF1KtjOWtxWoVHbzBzuyUcGc=; fh=lm0MLPW7DntlrDqRECIiC9JlE1uPxhepE0URYHIf+eE=; b=g6VFzwtK+ymNJi/Ug5TwH+lfrqsv3YQEkOUuCOg7HrgLQY9SrXd96odCzl3NMeBDMZ rQuL06EWZ41PC0VoVBZwQVYjAwdBv9x1wNmFevS0wrfXh2im9Ps68gUSY9ars1zI0cx9 SGWcyL/6xaQ9Os29G79filYCU0hsxxfUWDuLib1Iwel/2wR8md5D3Y+/eAyQLTnkTZEc MkID9pFgQYP37TtR7m5iMdMhzKeQRKRBHqlHQT/6h3rnxYCpq/w3NYPQDkIHfdnWleln VMyRxbCsaRLLcFX3WbpFnehnGs1YCLI4VJm4lTg7pFrPiXAHHMzRmEyH+2vUaXjDOsr2 zDww==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=NaSCX9rG; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=fwqCpI6t; dkim=neutral (body hash did not verify) header.i=@openvpn.net header.s=google header.b=GiY6hvF+; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=openvpn.net; dara=fail header.i=@openvpn.net Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id e9e14a558f8ab-3a092e13fb0si23108385ab.52.2024.09.16.06.04.29 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 16 Sep 2024 06:04:29 -0700 (PDT) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=NaSCX9rG; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=fwqCpI6t; dkim=neutral (body hash did not verify) header.i=@openvpn.net header.s=google header.b=GiY6hvF+; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=openvpn.net; dara=fail header.i=@openvpn.net Received: from [127.0.0.1] (helo=sfs-ml-3.v29.lw.sourceforge.com) by sfs-ml-3.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1sqBOq-00031h-PP; Mon, 16 Sep 2024 13:04:16 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-3.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1sqBOo-00031Z-HN for openvpn-devel@lists.sourceforge.net; Mon, 16 Sep 2024 13:04:13 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Type:Content-Transfer-Encoding:MIME-Version :Message-ID:Reply-To:References:Subject:List-Unsubscribe:List-Id:Cc:To:Date: From:Sender:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:List-Help: List-Subscribe:List-Post:List-Owner:List-Archive; bh=htFUqrQDyww3bLnHtT7EVyNTndZ3ANFzr1XE4DB3wmQ=; b=NaSCX9rGTQoQJi+rYEZXqkT3zs jNHdktOyuoLvtDZhg7wXlkf0NWKu0a5bvJ22Rcci35xPGbKQUY2XiSvedvsmfT7lvZ9f2DxTD1Y65 eTrW4/pA+ou9YE27j0HeoMSP0bKJXiamVGjcpf0i9AkVVhXLCydzyGupFdHKEPdhw9r8=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Type:Content-Transfer-Encoding:MIME-Version:Message-ID:Reply-To: References:Subject:List-Unsubscribe:List-Id:Cc:To:Date:From:Sender:Content-ID :Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To: Resent-Cc:Resent-Message-ID:In-Reply-To:List-Help:List-Subscribe:List-Post: List-Owner:List-Archive; bh=htFUqrQDyww3bLnHtT7EVyNTndZ3ANFzr1XE4DB3wmQ=; b=f wqCpI6t2RZIxXLo9VY97qWCIvDU+/DVVVF5IpjrtZfe2nrD7+094ONDWsagq9JX6lspMapxlWgvRf W+8r0a34IH6CIobQgrwm0X5GaIbqxEVZOU2ANrMvxyz4BbPhn5ZDGPRtkul4o0O1Jh0Z7Jw0I3Esr GLavlN0cYdZJCwjk=; Received: from mail-wm1-f45.google.com ([209.85.128.45]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.95) id 1sqBOn-0000x1-13 for openvpn-devel@lists.sourceforge.net; Mon, 16 Sep 2024 13:04:13 +0000 Received: by mail-wm1-f45.google.com with SMTP id 5b1f17b1804b1-42cb58d810eso34137775e9.0 for ; Mon, 16 Sep 2024 06:04:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=openvpn.net; s=google; t=1726491846; x=1727096646; darn=lists.sourceforge.net; h=user-agent:content-disposition:content-transfer-encoding :mime-version:message-id:reply-to:references:subject :list-unsubscribe:list-id:auto-submitted:cc:to:date:from:from:to:cc :subject:date:message-id:reply-to; bh=htFUqrQDyww3bLnHtT7EVyNTndZ3ANFzr1XE4DB3wmQ=; b=GiY6hvF+KujaITQ0ULZOPCmJSazCFRk/EVeUy2pkrYeY8HEXeaSjOMSPG0VKUqXCOy bSrjQVzog3KAyFmIHXCEJSr7a3zApXMHTUwnfnmpq1Tj6Y29Vt09OHFWx+bsNr97hTYv MMWYrRPCsXrS7DjfPMawrKiceuT7dP+Wz4iKTolkmLzP46P4+Z2IBHYYTVI6B/3E2Mxf zoyighe9G+lITvYQMhx380whK27BYI++2Pg1cflYfyUhjs+DB3KlnpAB8LRleOd0Crcx yeUUacWrkA24P6Rrrt1Q/nTVjYG/B6N5NxpPZ9cpoQ/jM7DP93nw7XS8frEy9zVX8Uu7 ErOg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1726491846; x=1727096646; h=user-agent:content-disposition:content-transfer-encoding :mime-version:message-id:reply-to:references:subject :list-unsubscribe:list-id:auto-submitted:cc:to:date:from :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=htFUqrQDyww3bLnHtT7EVyNTndZ3ANFzr1XE4DB3wmQ=; b=MaEpVpGXDidGiSxfdUWpxzU/4/4vwAVHZXcfetEecis6OEnqIsh60Xn8ORF6UZ+K3+ /uHuazAbFfwuCs4BWvzbqAf3YK60ZrCZFwqq26wWOJH46ZDlDftn8w6Vx82GT5MLc0lg ryegWs3X2Tw+l/AaXlLa519STOe9rWVHxn0x6zRcufiEBujwqT+SZQk5XtMA0Cca6Mm5 wP0E4xakn/UmGt316Qr47GcsDfzRZmk68susOig3VCL0SYQk12pluHfiEzABcsqtjg0t 9s0D8MJb9tOJRu7ydY2BNZGPAXORvPFJ39tXCBQCzxHK7XW80MeVU2hljfaLYHQmDcVa 2btw== X-Gm-Message-State: AOJu0YxPoeUQqVq/r9KcR0cFi++wmi4zjzQyFLb+YHxdrRMC8mjutyl6 OS9C0b9Jil1RXu41o8bexf/2vFIpvMePvW12FY0+6B9natGgyzJlmHU+WyKUShtBuY7JQ1kOonJ 1 X-Received: by 2002:a05:600c:1d27:b0:42c:b991:98bc with SMTP id 5b1f17b1804b1-42cbdb822bemr134526905e9.0.1726491846098; Mon, 16 Sep 2024 06:04:06 -0700 (PDT) Received: from gerrit.openvpn.in (ec2-18-159-0-78.eu-central-1.compute.amazonaws.com. [18.159.0.78]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-42d9b19494asm112362875e9.47.2024.09.16.06.04.05 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 16 Sep 2024 06:04:05 -0700 (PDT) From: "plaisthos (Code Review)" X-Google-Original-From: "plaisthos (Code Review)" X-Gerrit-PatchSet: 1 Date: Mon, 16 Sep 2024 13:04:05 +0000 To: flichtenheld Auto-Submitted: auto-generated X-Gerrit-MessageType: newchange X-Gerrit-Change-Id: Ie2797a82ad769cb640440d1ba7dfeb416e7b932d X-Gerrit-Change-Number: 746 X-Gerrit-Project: openvpn X-Gerrit-ChangeURL: X-Gerrit-Commit: 827a1b60058922ab9ed1854d913b2270e4ac808f References: Message-ID: MIME-Version: 1.0 User-Agent: Gerrit/3.8.2 X-Spam-Score: -1.2 (-) X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Attention is currently required from: flichtenheld. Hello flichtenheld, I'd like you to do a code review. Please visit Content analysis details: (-1.2 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -1.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [209.85.128.45 listed in wl.mailspike.net] -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [209.85.128.45 listed in list.dnswl.org] 0.0 WEIRD_PORT URI: Uses non-standard port number for HTTP 0.0 HTML_MESSAGE BODY: HTML included in message -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid 0.0 T_KAM_HTML_FONT_INVALID Test for Invalidly Named or Formatted Colors in HTML X-Headers-End: 1sqBOn-0000x1-13 Subject: [Openvpn-devel] [XS] Change in openvpn[master]: Move cipher/data-ciphers warning to D_LOW (verb 4) X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: arne-openvpn@rfc2549.org, openvpn-devel@lists.sourceforge.net, frank@lichtenheld.com Cc: openvpn-devel Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1810357938439871026?= X-GMAIL-MSGID: =?utf-8?q?1810357938439871026?= X-getmail-filter-classifier: gerrit message type newchange Attention is currently required from: flichtenheld. Hello flichtenheld, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/746?usp=email to review the following change. Change subject: Move cipher/data-ciphers warning to D_LOW (verb 4) ...................................................................... Move cipher/data-ciphers warning to D_LOW (verb 4) These warnings served a purpose in OpenVPN 2.6.x to warn people about the changed behaviour. But for 2.7 this is will be more log spam than a helpful message. So only show this warning on a high verbosity level. Change-Id: Ie2797a82ad769cb640440d1ba7dfeb416e7b932d Signed-off-by: Arne Schwabe --- M src/openvpn/options.c 1 file changed, 2 insertions(+), 2 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/46/746/1 diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 61f6285..6009e5f 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -3546,7 +3546,7 @@ * parts of OpenVPN assert that the ciphername is set */ o->ciphername = "BF-CBC"; - msg(M_INFO, "Note: --cipher is not set. OpenVPN versions before 2.5 " + msg(D_LOW, "Note: --cipher is not set. OpenVPN versions before 2.5 " "defaulted to BF-CBC as fallback when cipher negotiation " "failed in this case. If you need this fallback please add " "'--data-ciphers-fallback BF-CBC' to your configuration " @@ -3555,7 +3555,7 @@ else if (!o->enable_ncp_fallback && !tls_item_in_cipher_list(o->ciphername, o->ncp_ciphers)) { - msg(M_WARN, "DEPRECATED OPTION: --cipher set to '%s' but missing in " + msg(D_LOW, "DEPRECATED OPTION: --cipher set to '%s' but missing in " "--data-ciphers (%s). OpenVPN ignores --cipher for cipher " "negotiations. ", o->ciphername, o->ncp_ciphers);