Added "setenv opt" directive prefix. If present, and if the

directive that follows is recognized, it will be processed
as if the "setenv opt" prefix was absent.  If present and if
the directive that follows is not recognized, the directive
will be ignored rather than cause a fatal error.

For example, suppose you are distributing a client
configuration file and want to set the minimum TLS version
that the client requires from the server to 1.2.

By using the following directive,

  setenv opt tls-version-min 1.2 or-highest

only newer clients that understand the tls-version-min directive
would process it, while older clients would ignore it.

(cherry picked from commit 27713761e4110bb92f1c6dfe85db291e8c6e0f56)

Signed-off-by: James Yonan <james@openvpn.net>
URL: http://thread.gmane.org/gmane.network.openvpn.devel/7771
URL: http://thread.gmane.org/gmane.network.openvpn.devel/7744
URL: https://github.com/jamesyonan/openvpn/commit/27713761e4110bb92f1c6dfe85db291e8c6e0f56
Acked-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>

1 files changed, 12 insertions, 1 deletions

diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 2191916..d84e908 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -4042,7 +4042,18 @@ add_option (struct options *options,
   const bool pull_mode = BOOL_CAST (permission_mask & OPT_P_PULL_MODE);
   int msglevel_fc = msglevel_forward_compatible (options, msglevel);
 
-  ASSERT (MAX_PARMS >= 5);
+  ASSERT (MAX_PARMS >= 7);
+
+  /*
+   * If directive begins with "setenv opt" prefix, don't raise an error if
+   * directive is unrecognized.
+   */
+  if (streq (p[0], "setenv") && p[1] && streq (p[1], "opt") && !(permission_mask & OPT_P_PULL_MODE))
+    {
+      p += 2;
+      msglevel_fc = M_WARN;
+    }
+
   if (!file)
     {
       file = "[CMD-LINE]";