Warn that tls-auth with free form files is going to be removed from OpenVPN 2.4

Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <1417872129-31980-2-git-send-email-arne@rfc2549.org>
URL: http://article.gmane.org/gmane.network.openvpn.devel/9309

Signed-off-by: Gert Doering <gert@greenie.muc.de>

diff --git a/doc/openvpn.8 b/doc/openvpn.8
index 1fd53b034e739f533c11b27a6224ace3d763e377..80c451b8e920e13e4c492c20991b16ed555963e2 100644 (file)
--- a/doc/openvpn.8
+++ b/doc/openvpn.8
@@ -4580,14 +4580,15 @@ An OpenVPN static key file generated by
 .B direction
 parameter is used).
 
-.B (2)
+.B (2) DEPRECATED
 A freeform passphrase file.  In this case the HMAC key will
 be derived by taking a secure hash of this file, similar to
 the
 .BR md5sum (1)
 or
 .BR sha1sum (1)
-commands.
+commands. This option is deprecated and will stop working in OpenVPN 2.4 and
+newer releases.
 
 OpenVPN will first try format (1), and if the file fails to parse as
 a static key file, format (2) will be used.

diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
index 0a5e83f9326ff1ebdb8872d5b707f95cb7a41afc..475c2539c679586da4c08eaa70381076faace79c 100644 (file)
--- a/src/openvpn/crypto.c
+++ b/src/openvpn/crypto.c
@@ -787,6 +787,7 @@ get_tls_handshake_key (const struct key_type *key_type,
            msg (M_INFO,
                 "Control Channel Authentication: using '%s' as a free-form passphrase file",
                 passphrase_file);
+           msg (M_WARN, "DEPRECATED OPTION: Using freeform files for tls-auth is deprecated and is not  supported in OpenVPN 2.4 or newer versions");
          }
       }
       /* handle key direction */