diff options
| -rw-r--r-- | doc/openvpn.8 | 32 | ||||
| -rw-r--r-- | src/openvpn/options.c | 21 |
2 files changed, 37 insertions, 16 deletions
diff --git a/doc/openvpn.8 b/doc/openvpn.8 index 829bbd2..998f7ab 100644 --- a/doc/openvpn.8 +++ b/doc/openvpn.8 @@ -3462,19 +3462,16 @@ characters in the usernames, X.509 Subject fields and Common Name variables and it complies to the RFC 2253, UTF\-8 String Representation of Distinguished Names. -As a backwards compatibility for the removed \-\-no\-name\-remapping feature in -older OpenVPN versions, the +The .B no\-remapping mode flag can be used with the .B \-\-compat\-names -option. -When this mode flag is used, the Common Name, Subject, and username strings are -allowed to include any printable character including space, but excluding -control characters such as tab, newline, and carriage-return. It ensures -compatibility with the -.B \-\-no\-name\-remapping -option of OpenVPN versions before v2.3. +option to be compatible with the now deprecated \-\-no\-name\-remapping feature +present in older OpenVPN versions. When this mode flag is used, the Common Name, +Subject, and username strings are allowed to include any printable character +including space, but excluding control characters such as tab, newline, and +carriage-return. .B Please note: This option will not be around for a long time. It is only implemented @@ -3483,6 +3480,23 @@ removed either in OpenVPN v2.4 or v2.5. So please make sure you start the process to support the new formatting as soon as possible. .\"********************************************************* .TP +.B \-\-no\-name\-remapping (DEPRECATED) +The +.B \-\-no\-name\-remapping +option is an alias for +.B \-\-compat\-names\ no\-remapping. +It ensures compatibility with configurations using the +.B \-\-no\-name\-remapping +option. + +.B Please note: +This option is now deprecated. It will be removed either in OpenVPN v2.4 +or v2.5. So please make sure you support the new X.509 name formatting +described with the +.B \-\-compat\-names +option as soon as possible. +.\"********************************************************* +.TP .B \-\-port-share host port [dir] When run in TCP server mode, share the OpenVPN port with another application, such as an HTTPS server. If OpenVPN diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 3b5f1e7..dd38bc9 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -5561,13 +5561,6 @@ add_option (struct options *options, VERIFY_PERMISSION (OPT_P_GENERAL); options->ssl_flags |= SSLF_AUTH_USER_PASS_OPTIONAL; } - else if (streq (p[0], "compat-names")) - { - VERIFY_PERMISSION (OPT_P_GENERAL); - compat_flag (COMPAT_FLAG_SET | COMPAT_NAMES); - if (p[1] && streq (p[1], "no-remapping")) - compat_flag (COMPAT_FLAG_SET | COMPAT_NO_NAME_REMAPPING); - } else if (streq (p[0], "opt-verify")) { VERIFY_PERMISSION (OPT_P_GENERAL); @@ -6518,6 +6511,20 @@ add_option (struct options *options, options->tls_export_cert = p[1]; } #endif + else if (streq (p[0], "compat-names")) + { + VERIFY_PERMISSION (OPT_P_GENERAL); + compat_flag (COMPAT_FLAG_SET | COMPAT_NAMES); + if (p[1] && streq (p[1], "no-remapping")) + compat_flag (COMPAT_FLAG_SET | COMPAT_NO_NAME_REMAPPING); + } + else if (streq (p[0], "no-name-remapping")) + { + VERIFY_PERMISSION (OPT_P_GENERAL); + msg (M_WARN, "DEPRECATED OPTION: --no-name-remapping, please update your configuration"); + compat_flag (COMPAT_FLAG_SET | COMPAT_NAMES); + compat_flag (COMPAT_FLAG_SET | COMPAT_NO_NAME_REMAPPING); + } else if (streq (p[0], "tls-remote") && p[1]) { VERIFY_PERMISSION (OPT_P_GENERAL); |