Re: [Openvpn-devel] [PATCH 10/10] Add a note that ncp-ciphers is replaced by data-ciphers

[Arne S. <ar...@rf...>]

Am 24.07.20 um 16:04 schrieb Arne Schwabe:
> This patch adds a message that informs the user that the ncp-cipher
> is renamed to data-ciphers. This should address the following concerns:
> 
>  - Users being confused by old options.
>  - Nudge users to use the modern variant of an option
> 
> The man page already documents ncp-ciphers as an old name for
> data-ciphers, so looking it up in the man page will also work.
> 
> Note that I did not add "deprecated old option" to this message
> since I still think that eventually removing the option will only
> break configs and we gain almost nothing from that.
> 
> Also still accepting the option even though we do not recommend usage of
> it also follows the robustness principle of:
> "be strict in what you send and tolerant in what you receive"
> 
> Signed-off-by: Arne Schwabe <ar...@rf...>
> ---
>  src/openvpn/options.c | 5 +++++
>  1 file changed, 5 insertions(+)
> 
> diff --git a/src/openvpn/options.c b/src/openvpn/options.c
> index 5beaba0f..01f0ca0f 100644
> --- a/src/openvpn/options.c
> +++ b/src/openvpn/options.c
> @@ -7939,6 +7939,11 @@ add_option(struct options *options,
>              && p[1] && !p[2])
>      {
>          VERIFY_PERMISSION(OPT_P_GENERAL|OPT_P_INSTANCE);
> +        if (streq(p[0], "ncp-ciphers"))
> +        {
> +            msg(M_INFO, "Note: Rewriting option '--ncp-ciphers' to "
> +                        " '--data-ciphers'");
> +        }
>          options->ncp_ciphers = p[1];
>      }
>      else if (streq(p[0], "ncp-disable") && !p[1])
> 

Sorry, send out an old version. V2 incoming.

Arne