The warnings printed when --cipher or --auth is set to 'none' may not have
been clear enough for non-developers or people without a full
understanding of encryption and cryptography. This tries to improve
that.
While at it, also break up the long source lines.
Signed-off-by: David Sommerseth <davids@openvpn.net>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <20170410222828.23612-1-davids@openvpn.net>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14436.html
Signed-off-by: David Sommerseth <davids@openvpn.net>
... | ... |
@@ -784,7 +784,10 @@ init_key_type(struct key_type *kt, const char *ciphername, |
784 | 784 |
{ |
785 | 785 |
if (warn) |
786 | 786 |
{ |
787 |
- msg(M_WARN, "******* WARNING *******: null cipher specified, no encryption will be used"); |
|
787 |
+ msg(M_WARN, "******* WARNING *******: '--cipher none' was specified. " |
|
788 |
+ "This means NO encryption will be performed and tunnelled " |
|
789 |
+ "data WILL be transmitted in clear text over the network! " |
|
790 |
+ "PLEASE DO RECONSIDER THIS SETTING!"); |
|
788 | 791 |
} |
789 | 792 |
} |
790 | 793 |
if (strcmp(authname, "none") != 0) |
... | ... |
@@ -804,7 +807,11 @@ init_key_type(struct key_type *kt, const char *ciphername, |
804 | 804 |
{ |
805 | 805 |
if (warn) |
806 | 806 |
{ |
807 |
- msg(M_WARN, "******* WARNING *******: null MAC specified, no authentication will be used"); |
|
807 |
+ msg(M_WARN, "******* WARNING *******: '--auth none' was specified. " |
|
808 |
+ "This means no authentication will be performed on received " |
|
809 |
+ "packets, meaning you CANNOT trust that the data received by " |
|
810 |
+ "the remote side have NOT been manipulated. " |
|
811 |
+ "PLEASE DO RECONSIDER THIS SETTING!"); |
|
808 | 812 |
} |
809 | 813 |
} |
810 | 814 |
} |
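Review bot: In the new `--auth none` text, "the data received by the remote side" reads as data the peer receives, while the sentence before it is about packets this side receives. The stacked "CANNOT ... NOT" is also hard to parse for the non-developer audience this commit targets. Suggest replacing the last two message lines with `"packets, meaning you CANNOT trust that data received from the "` and `"remote side has not been manipulated. "`. The body of init_key_type() starts outside this hunk, so who sets `warn` is not visible here. Separately, all three messages keep the `******* WARNING *******` prefix but drop the old phrases ("null cipher specified", "null MAC specified"), so any log alert that matches on the old text needs updating; a changelog line would help operators who monitor for insecure tunnel configurations.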
... | ... |
@@ -2745,7 +2745,10 @@ do_init_crypto_none(const struct context *c) |
2745 | 2745 |
{ |
2746 | 2746 |
ASSERT(!c->options.test_crypto); |
2747 | 2747 |
msg(M_WARN, |
2748 |
- "******* WARNING *******: all encryption and authentication features disabled -- all data will be tunnelled as cleartext"); |
|
2748 |
+ "******* WARNING *******: All encryption and authentication features " |
|
2749 |
+ "disabled -- All data will be tunnelled as clear text and will not be " |
|
2750 |
+ "protected against man-in-the-middle changes. " |
|
2751 |
+ "PLEASE DO RECONSIDER THIS CONFIGURATION!"); |
|
2749 | 2752 |
} |
2750 | 2753 |
#endif /* ifdef ENABLE_CRYPTO */ |
2751 | 2754 |
|
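Review bot: Unlike the two init_key_type() warnings, which name `--cipher none` and `--auth none`, this message does not say which configuration state leads to it, so the reader is told to reconsider without being told what to change. The conditions under which do_init_crypto_none() is called are not visible in this hunk, so the hint should be worded by someone who can confirm them. "man-in-the-middle changes" is also jargon for the intended audience; something like `"protected against modification or eavesdropping in transit. "` may read more plainly.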