Hi Jonathan,
On 17-04-15 11:28, Jonathan K. Bullard wrote:
I would like to propose a patch which complains if OpenVPN options
include parameters that are not expected.
If possible, I would like to get a "feature ACK" consensus before I
create the patch. (If I get a "feature NAK" then I won't create the
patch.)
The patch would be to reject options that are followed by extra parameters.
The error message would change from
Options error: Unrecognized option or missing parameter(s)
to
Options error: Unrecognized option or missing or unexpected parameter(s)
Perhaps the current behavior of ignoring "extra" parameters is
purposeful, to allow options to have parameters that are ignored by
"old" versions of OpenVPN but accepted and acted on by "new" versions
of OpenVPN. (I think doing that is not a good idea, but maybe that's
the way the community wants it.)
The patch would break any configurations that have such "extra"
parameters. I think that's good, because the configurations are, well,
wrong. But there could be a lot of such configurations being used with
current versions of OpenVPN -- who knows?
**EXAMPLE**
[...]
Thoughts?
Always ;-)
I agree that silently ignoring extra parameters is not nice. However, I
think that breaking configs after they have worked for many years might
result in too many unpleasant surprises for our users. How would you
feel about just issuing a warning for ignored extra parameters?
-Steffan
