From: Selva Nair Date: Mon, 2 Mar 2026 14:18:02 +0000 (+0100) Subject: Document management client versions X-Git-Tag: v2.7.1~23 X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=cb154f0363376deda076c3b0ec6cf3c640fd1e86;p=thirdparty%2Fopenvpn.git Document management client versions Also add an enum to keep track of client version updates. Change-Id: I1c01fa1bc7d65ac060b334724feb56ef4d0b5d35 Signed-off-by: Selva Nair Acked-by: Arne Schwabe Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1552 Message-Id: <20260302141811.5697-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg35805.html Signed-off-by: Gert Doering (cherry picked from commit d5814ecd2323ec7c2e6dad2cbf3884c031d9a5a3) --- diff --git a/doc/management-notes.txt b/doc/management-notes.txt index 86b74f336..41e2a9142 100644 --- a/doc/management-notes.txt +++ b/doc/management-notes.txt @@ -496,6 +496,10 @@ Note: Until version 3, no response was generated when client sets its version. This was fixed starting version 4: clients should expect "SUCCESS: .. " message only when setting the version to >= 4. +Minimum client version required for certain features is listed below: + >PK_SIGN:[base64] -- version 2 or greater + >PK_SIGN:[base64],[alg] -- version 3 or greater + COMMAND -- auth-retry --------------------- diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c index 03ff5b377..d26c9b2cd 100644 --- a/src/openvpn/manage.c +++ b/src/openvpn/manage.c @@ -61,6 +61,17 @@ /* tag for blank username/password */ static const char blank_up[] = "[[BLANK]]"; +/* + * Management client versions indicating feature support in client. + * Append new values as needed but do not change exisiting ones. + */ +enum mcv +{ + MCV_DEFAULT = 1, + MCV_PKSIGN = 2, + MCV_PKSIGN_ALG = 3, +}; + struct management *management; /* GLOBAL */ /* static forward declarations */ @@ -1333,8 +1344,8 @@ set_client_version(struct management *man, const char *version) if (version) { man->connection.client_version = atoi(version); - /* Prior to version 3, we missed to respond to this command. Acknowledge only if version >= 4 */ - if (man->connection.client_version >= 4) + /* Until MCV_PKSIGN_ALG, we missed to respond to this command. Acknowledge only if version is newer */ + if (man->connection.client_version > MCV_PKSIGN_ALG) { msg(M_CLIENT, "SUCCESS: Management client version set to %d", man->connection.client_version); } @@ -2656,7 +2667,7 @@ man_connection_init(struct management *man) man->connection.es = event_set_init(&maxevents, EVENT_METHOD_FAST); } - man->connection.client_version = 1; /* default version */ + man->connection.client_version = MCV_DEFAULT; /* default version */ /* * Listen/connect socket @@ -3776,14 +3787,14 @@ management_query_pk_sig(struct management *man, const char *b64_data, const char const char *desc = "pk-sign"; struct buffer buf_data = alloc_buf(strlen(b64_data) + strlen(algorithm) + 20); - if (man->connection.client_version <= 1) + if (man->connection.client_version <= MCV_DEFAULT) { prompt = "RSA_SIGN"; desc = "rsa-sign"; } buf_write(&buf_data, b64_data, (int)strlen(b64_data)); - if (man->connection.client_version > 2) + if (man->connection.client_version >= MCV_PKSIGN_ALG) { buf_write(&buf_data, ",", (int)strlen(",")); buf_write(&buf_data, algorithm, (int)strlen(algorithm));