Added "setenv opt" directive prefix. If present, and if the
authorJames Yonan <james@openvpn.net>
Tue, 11 Jun 2013 06:25:05 +0000 (00:25 -0600)
committerGert Doering <gert@greenie.muc.de>
Fri, 16 Aug 2013 14:37:48 +0000 (16:37 +0200)
directive that follows is recognized, it will be processed
as if the "setenv opt" prefix was absent.  If present and if
the directive that follows is not recognized, the directive
will be ignored rather than cause a fatal error.

For example, suppose you are distributing a client
configuration file and want to set the minimum TLS version
that the client requires from the server to 1.2.

By using the following directive,

  setenv opt tls-version-min 1.2 or-highest

only newer clients that understand the tls-version-min directive
would process it, while older clients would ignore it.

(cherry picked from commit 27713761e4110bb92f1c6dfe85db291e8c6e0f56)

Signed-off-by: James Yonan <james@openvpn.net>
URL: http://thread.gmane.org/gmane.network.openvpn.devel/7771
URL: http://thread.gmane.org/gmane.network.openvpn.devel/7744
URL: https://github.com/jamesyonan/openvpn/commit/27713761e4110bb92f1c6dfe85db291e8c6e0f56
Acked-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
(cherry picked from commit 2a92fba756d4c1e73300a12ff9e80028a6ab7c09)

Signed-off-by: Gert Doering <gert@greenie.muc.de>
doc/openvpn.8
src/openvpn/options.c

index c3d95a2c6cd4697232004f5618309a370c801e76..6fd6aa33210f15ecbca72a64b25a3bfbe584e407 100644 (file)
@@ -1891,6 +1891,11 @@ reasons for having OpenVPN fail if it detects problems in a
 config file.  Having said that, there are valid reasons for wanting
 new software features to gracefully degrade when encountered by
 older software versions.
+
+It is also possible to tag a single directive so as not to trigger
+a fatal error if the directive isn't recognized.  To do this,
+prepend the following before the directive:
+.B setenv opt
 .\"*********************************************************
 .TP
 .B \-\-setenv-safe name value
index 9dc15314606baff0181d333a6b325ffc94414d15..a74639df551d0dfc16bf9167007262174ebf35fe 100644 (file)
@@ -4031,7 +4031,18 @@ add_option (struct options *options,
   const bool pull_mode = BOOL_CAST (permission_mask & OPT_P_PULL_MODE);
   int msglevel_fc = msglevel_forward_compatible (options, msglevel);
 
-  ASSERT (MAX_PARMS >= 5);
+  ASSERT (MAX_PARMS >= 7);
+
+  /*
+   * If directive begins with "setenv opt" prefix, don't raise an error if
+   * directive is unrecognized.
+   */
+  if (streq (p[0], "setenv") && p[1] && streq (p[1], "opt") && !(permission_mask & OPT_P_PULL_MODE))
+    {
+      p += 2;
+      msglevel_fc = M_WARN;
+    }
+
   if (!file)
     {
       file = "[CMD-LINE]";
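Review bot: The new prefix test on the `if (streq (p[0], "setenv") && p[1] && streq (p[1], "opt") ...` line checks `p[1]` but never `p[2]`, so a configuration line consisting only of `setenv opt` leaves `p[0]` NULL once `p += 2` has run. The rest of add_option lies outside this hunk, but if it matches directives with `streq (p[0], ...)` the way this line does, that is a NULL pointer dereference reachable from a config file. Either add `&& p[2]` to the condition, or keep a useful diagnostic by inserting `if (!p[2]) p[2] = "setenv opt";` just before `p += 2;` so that the bare prefix falls through to the normal unrecognized-option path. The condition could also reuse the `pull_mode` local computed above rather than re-testing `permission_mask & OPT_P_PULL_MODE`.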