From 77c88554a711f94e81f0a7f74e7e04747a02c85a Mon Sep 17 00:00:00 2001 From: Arne Schwabe Date: Sat, 6 Dec 2014 14:22:09 +0100 Subject: [PATCH] Warn that tls-auth with free form files is going to be removed from OpenVPN 2.4 Acked-by: Steffan Karger Message-Id: <1417872129-31980-2-git-send-email-arne@rfc2549.org> URL: http://article.gmane.org/gmane.network.openvpn.devel/9309 Signed-off-by: Gert Doering --- doc/openvpn.8 | 5 +++-- src/openvpn/crypto.c | 1 + 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/doc/openvpn.8 b/doc/openvpn.8 index 1fd53b034..80c451b8e 100644 --- a/doc/openvpn.8 +++ b/doc/openvpn.8 @@ -4580,14 +4580,15 @@ An OpenVPN static key file generated by .B direction parameter is used). -.B (2) +.B (2) DEPRECATED A freeform passphrase file. In this case the HMAC key will be derived by taking a secure hash of this file, similar to the .BR md5sum (1) or .BR sha1sum (1) -commands. +commands. This option is deprecated and will stop working in OpenVPN 2.4 and +newer releases. OpenVPN will first try format (1), and if the file fails to parse as a static key file, format (2) will be used. diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c index 0a5e83f93..475c2539c 100644 --- a/src/openvpn/crypto.c +++ b/src/openvpn/crypto.c @@ -787,6 +787,7 @@ get_tls_handshake_key (const struct key_type *key_type, msg (M_INFO, "Control Channel Authentication: using '%s' as a free-form passphrase file", passphrase_file); + msg (M_WARN, "DEPRECATED OPTION: Using freeform files for tls-auth is deprecated and is not supported in OpenVPN 2.4 or newer versions"); } } /* handle key direction */ -- 2.47.2