Simplify --genkey option syntax

Instead of requiring users to do "--genkey --secret new.key", allow
them to just do "--genkey new.key".  This has hit me often enough that I
decided to write a patch for it.  Also, the upcoming tls-crypt-v2-genkey
uses a similar syntax and Antonio suggested we should make them consistent.

The documentation is updated to no longer mention the old syntax, but it is
still supported so people who are used to the old syntax can still use it.

Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Antonio Quartulli <antonio@openvpn.net>
Message-Id: <20181005150032.16541-1-steffan@karger.me>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg17574.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>

diff --git a/doc/openvpn.8 b/doc/openvpn.8
index de1a1928d8913bd1fcab9322aed96ea200d4efea..084c5415a403b512731147cb6fc69386e4640969 100644 (file)
--- a/doc/openvpn.8
+++ b/doc/openvpn.8
@@ -5674,20 +5674,22 @@ option.
 Used only for non\-TLS static key encryption mode.
 .\"*********************************************************
 .TP
-.B \-\-genkey
+.B \-\-genkey file
 (Standalone)
-Generate a random key to be used as a shared secret,
-for use with the
+Generate a random key to be used as a shared secret, for use with the
 .B \-\-secret
-option.  This file must be shared with the
-peer over a pre\-existing secure channel such as
-.BR scp (1)
-.
-.\"*********************************************************
-.TP
-.B \-\-secret file
-Write key to
-.B file.
+,
+.B \-\-tls-auth
+or
+.B \-\-tls-crypt
+options.  Stores the key in
+.B file\fR.
+
+If using this for
+.B \-\-secret
+, this file must be shared with the peer over a pre\-existing secure channel
+such as
+.BR scp (1)\fR.
 .\"*********************************************************
 .SS TUN/TAP persistent tunnel config mode:
 Available with Linux 2.4.7+.  These options comprise a standalone mode

diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 61fa9833555ce9477630968827af41e7447f2e73..2199af530b241e44b981e26de6b373290a898d32 100644 (file)
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -739,10 +739,8 @@ static const char usage_message[] =
     "                                 to access TAP adapter.\n"
 #endif /* ifdef _WIN32 */
     "\n"
-    "Generate a random key (only for non-TLS static key encryption mode):\n"
-    "--genkey        : Generate a random key to be used as a shared secret,\n"
-    "                  for use with the --secret option.\n"
-    "--secret file   : Write key to file.\n"
+    "Generate a new key (for use with --secret, --tls-auth or --tls-crypt):\n"
+    "--genkey file   : Generate a new random key and write to file.\n"
 #ifdef ENABLE_FEATURE_TUN_PERSIST
     "\n"
     "Tun/tap config mode (available with linux 2.4+):\n"
@@ -7518,10 +7516,14 @@ add_option(struct options *options,
         }
         options->shared_secret_file = p[1];
     }
-    else if (streq(p[0], "genkey") && !p[1])
+    else if (streq(p[0], "genkey") && !p[2])
     {
         VERIFY_PERMISSION(OPT_P_GENERAL);
         options->genkey = true;
+        if (p[1])
+        {
+            options->shared_secret_file = p[1];
+        }
     }
     else if (streq(p[0], "auth") && p[1] && !p[2])
     {