Like 'proto', a mismatch in key-method, keydir or tls-auth would fail
before we ever get to the point where we can print this warning.
This prepares for removing these from the occ string later on, but also
prepares for tls-crypt-v2, which allows a server to support tls-auth and
tls-crypt-v2 connections in parallel. Such a server will send 'keydir'
and 'tls-auth' in the occ string. This change removes the spurious
warnings about that in the client log.
Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20181007175215.25009-1-steffan@karger.me>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg17618.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
... | ... |
@@ -3788,11 +3788,15 @@ options_warning_safe_scan2(const int msglevel, |
3788 | 3788 |
const char *b1_name, |
3789 | 3789 |
const char *b2_name) |
3790 | 3790 |
{ |
3791 |
- /* we will stop sending 'proto xxx' in OCC in a future version |
|
3792 |
- * (because it's not useful), and to reduce questions when |
|
3793 |
- * interoperating, we start not-printing a warning about it today |
|
3791 |
+ /* We will stop sending 'key-method', 'keydir', 'proto' and 'tls-auth' in |
|
3792 |
+ * OCC in a future version (because it's not useful). To reduce questions |
|
3793 |
+ * when interoperating, we no longer printing a warning about it. |
|
3794 | 3794 |
*/ |
3795 |
- if (strncmp(p1, "proto ", 6) == 0) |
|
3795 |
+ if (strprefix(p1, "key-method ") |
|
3796 |
+ || strprefix(p1, "keydir ") |
|
3797 |
+ || strprefix(p1, "proto ") |
|
3798 |
+ || strprefix(p1, "tls-auth ") |
|
3799 |
+ || strprefix(p1, "tun-ipv6")) |
|
3796 | 3800 |
{ |
3797 | 3801 |
return; |
3798 | 3802 |
} |