From: David Sommerseth Date: Fri, 17 Jul 2020 17:15:44 +0000 (+0200) Subject: Remove --no-iv X-Git-Tag: v2.5_beta1~57 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4b4b34da9811da9e6912c89cd68be3cfe1684a97;p=thirdparty%2Fopenvpn.git Remove --no-iv This finalizes the deprecation started in OpenVPN 2.4, where --no-iv was made into a NOOP option. Signed-off-by: David Sommerseth Acked-by: Gert Doering Message-Id: <20200717171544.21632-1-davids@openvpn.net> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg20460.html Signed-off-by: Gert Doering --- diff --git a/Changes.rst b/Changes.rst index 18b03e47a..e5228696a 100644 --- a/Changes.rst +++ b/Changes.rst @@ -34,6 +34,9 @@ https://community.openvpn.net/openvpn/wiki/DeprecatedOptions With the improved and matured data channel cipher negotiation, the use of ``ncp-disable`` should not be necessary anymore. +- ``no-iv`` has been removed + This option was made into a NOOP option with OpenVPN 2.4. This has now + been completely removed. Overview of changes in 2.4 ========================== diff --git a/doc/man-sections/server-options.rst b/doc/man-sections/server-options.rst index c24aec0b9..c8e9fc615 100644 --- a/doc/man-sections/server-options.rst +++ b/doc/man-sections/server-options.rst @@ -399,7 +399,7 @@ fast hardware. SSL/TLS authentication must be used in this mode. ``link-mtu``, ``tun-mtu``, ``proto``, ``ifconfig``, ``comp-lzo``, ``fragment``, ``keydir``, ``cipher``, ``auth``, ``keysize``, ``secret``, ``no-replay``, - ``no-iv``, ``tls-auth``, ``key-method``, ``tls-server`` + ``tls-auth``, ``key-method``, ``tls-server`` and ``tls-client``. This option requires that ``--disable-occ`` NOT be used. diff --git a/doc/man-sections/unsupported-options.rst b/doc/man-sections/unsupported-options.rst index 8aff5dd97..05ba3ca20 100644 --- a/doc/man-sections/unsupported-options.rst +++ b/doc/man-sections/unsupported-options.rst 
@@ -19,7 +19,7 @@ longer supported --no-iv Removed in OpenVPN 2.5. This option should not be used as it weakens the - VPN tunnel security. + VPN tunnel security. This has been a NOOP option since OpenVPN 2.4. --no-replay Removed in OpenVPN 2.5. This option should not be used as it weakens the diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 8e9d845a1..a81336f2c 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -8012,11 +8012,6 @@ add_option(struct options *options, VERIFY_PERMISSION(OPT_P_GENERAL); options->mute_replay_warnings = true; } - else if (streq(p[0], "no-iv") && !p[1]) - { - msg(msglevel, - "--no-iv is no longer supported. Remove it from client and server configs."); - } else if (streq(p[0], "replay-persist") && p[1] && !p[2]) { VERIFY_PERMISSION(OPT_P_GENERAL);
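Review bot: The new ``no-iv`` entry in Changes.rst states that the option "has now been completely removed" but gives the reader no action to take, while the message deleted from options.c in this same patch carried that instruction ("Remove it from client and server configs."). Consider adding one sentence to the Changes.rst entry saying that ``no-iv`` has to be deleted from both client and server configuration files.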
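Review bot: In the --no-iv entry of unsupported-options.rst, the added sentence "This has been a NOOP option since OpenVPN 2.4." directly follows "it weakens the VPN tunnel security" in the present tense, and the two read as contradictory, since an option that does nothing cannot weaken the tunnel. Suggest rewording the entry so the weakening is tied to the releases where the option still had an effect and the NOOP status to 2.4, so a reader auditing an old config can tell which deployments were actually exposed.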
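Review bot: In the options.c hunk, deleting the streq(p[0], "no-iv") branch from add_option() means a leftover no-iv line now falls through to the rest of the else-if chain, and nothing visible in this hunk shows what the user gets in that case. Please confirm that a config still containing no-iv ends up with a clear diagnostic naming the option, and state the resulting behaviour in the commit message, because it changes from a dedicated message logged at msglevel to whatever the fall-through path does.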