From b12b961776f40172b035bb716607ce3eac444715 Mon Sep 17 00:00:00 2001 From: James Yonan Date: Tue, 11 Jun 2013 00:25:05 -0600 Subject: [PATCH] Added "setenv opt" directive prefix. If present, and if the directive that follows is recognized, it will be processed as if the "setenv opt" prefix was absent. If present and if the directive that follows is not recognized, the directive will be ignored rather than cause a fatal error. For example, suppose you are distributing a client configuration file and want to set the minimum TLS version that the client requires from the server to 1.2. By using the following directive, setenv opt tls-version-min 1.2 or-highest only newer clients that understand the tls-version-min directive would process it, while older clients would ignore it. (cherry picked from commit 27713761e4110bb92f1c6dfe85db291e8c6e0f56) Signed-off-by: James Yonan URL: http://thread.gmane.org/gmane.network.openvpn.devel/7771 URL: http://thread.gmane.org/gmane.network.openvpn.devel/7744 URL: https://github.com/jamesyonan/openvpn/commit/27713761e4110bb92f1c6dfe85db291e8c6e0f56 Acked-by: Arne Schwabe Acked-by: Gert Doering Signed-off-by: David Sommerseth (cherry picked from commit 2a92fba756d4c1e73300a12ff9e80028a6ab7c09) Signed-off-by: Gert Doering --- doc/openvpn.8 | 5 +++++ src/openvpn/options.c | 13 ++++++++++++- 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/doc/openvpn.8 b/doc/openvpn.8 index c3d95a2c6..6fd6aa332 100644 --- a/doc/openvpn.8 +++ b/doc/openvpn.8 
@@ -1891,6 +1891,11 @@ reasons for having OpenVPN fail if it detects problems in a config file. Having said that, there are valid reasons for wanting new software features to gracefully degrade when encountered by older software versions. + +It is also possible to tag a single directive so as not to trigger +a fatal error if the directive isn't recognized. To do this, +prepend the following before the directive: +.B setenv opt .\"********************************************************* .TP .B \-\-setenv-safe name value diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 9dc153146..a74639df5 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -4031,7 +4031,18 @@ add_option (struct options *options, const bool pull_mode = BOOL_CAST (permission_mask & OPT_P_PULL_MODE); int msglevel_fc = msglevel_forward_compatible (options, msglevel); - ASSERT (MAX_PARMS >= 5); + ASSERT (MAX_PARMS >= 7); + + /* + * If directive begins with "setenv opt" prefix, don't raise an error if + * directive is unrecognized. + */ + if (streq (p[0], "setenv") && p[1] && streq (p[1], "opt") && !(permission_mask & OPT_P_PULL_MODE)) + { + p += 2; + msglevel_fc = M_WARN; + } + if (!file) { file = "[CMD-LINE]"; -- 2.47.2
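Review bot: in the doc/openvpn.8 hunk, the added paragraph stops at `.B setenv opt` without showing a complete directive, and it omits two behaviours visible in the options.c change: an unrecognized directive is downgraded to a warning (`msglevel_fc = M_WARN`), and the prefix is not applied when `OPT_P_PULL_MODE` is set. Suggest adding the commit message's example, `setenv opt tls-version-min 1.2 or-highest`, plus a sentence stating that a client which does not recognize the tagged directive runs without it. That matters when the directive is a security setting such as a minimum TLS version.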
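Review bot: in the src/openvpn/options.c hunk, the new block does `p += 2` after checking only p[0] and p[1], so a line consisting of just `setenv opt` leaves p[0] NULL for everything that follows in add_option. Suggest testing p[2] before the shift and reporting a missing parameter at the original msglevel instead of falling through. Minor: the condition repeats `permission_mask & OPT_P_PULL_MODE` although the context line just above already computes `pull_mode`, so `!pull_mode` would say the same thing and shorten the over-long line.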