[Openvpn-devel] [XS] Change in openvpn[master]: Deprecate tls-exit option

[plaisthos (Code Review)]

Attention is currently required from: flichtenheld.

Hello flichtenheld,

I'd like you to do a code review.
Please visit

    http://gerrit.openvpn.net/c/openvpn/+/447?usp=email

to review the following change.


Change subject: Deprecate tls-exit option
......................................................................

Deprecate tls-exit option

This option is questionable and I cannot see any reason to actually use it.

Change-Id: I93afff2372c4150d6bddc8c07fd4ebc8bfb0cc3e
---
M Changes.rst
M doc/man-sections/tls-options.rst
M src/openvpn/options.c
3 files changed, 7 insertions(+), 2 deletions(-)



  git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/47/447/1

diff --git a/Changes.rst b/Changes.rst
index 3676dce..922f78d 100644
--- a/Changes.rst
+++ b/Changes.rst
@@ -10,6 +10,10 @@
     ``--allow-deprecated-insecure-static-crypto`` but will be removed in
     OpenVPN 2.8.

+```tls-exit``` has been deprecated since it is unclear what the use case
+    for this option is. If you have a valid use case, please reach out since
+    the will otherwise be removed in the future.
+
 Overview of changes in 2.6
 ==========================

diff --git a/doc/man-sections/tls-options.rst b/doc/man-sections/tls-options.rst
index 908a42a..da5f362 100644
--- a/doc/man-sections/tls-options.rst
+++ b/doc/man-sections/tls-options.rst
@@ -553,7 +553,7 @@
   code.

 --tls-exit
-  Exit on TLS negotiation failure.
+  **DEPRECATED** Exit on TLS negotiation failure.

 --tls-export-cert directory
   Store the certificates the clients use upon connection to this
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 2594b66..5eb1a45 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -608,7 +608,7 @@
     "--tran-window n : Transition window -- old key can live this many 
seconds\n"
     "                  after new key renegotiation begins (default=%d).\n"
     "--single-session: Allow only one session (reset state on restart).\n"
-    "--tls-exit      : Exit on TLS negotiation failure.\n"
+    "--tls-exit      : (DEPRECATED) Exit on TLS negotiation failure.\n"
     "--tls-auth f [d]: Add an additional layer of authentication on top of the 
TLS\n"
     "                  control channel to protect against attacks on the TLS 
stack\n"
     "                  and DoS attacks.\n"
@@ -8960,6 +8960,7 @@
     }
     else if (streq(p[0], "tls-exit") && !p[1])
     {
+        msg(M_WARN, "DEPRECATED OPTION: The option --tls-exit is deprecated.");
         VERIFY_PERMISSION(OPT_P_GENERAL);
         options->tls_exit = true;
     }

--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/447?usp=email
To unsubscribe, or for help writing mail filters, visit 
http://gerrit.openvpn.net/settings

Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I93afff2372c4150d6bddc8c07fd4ebc8bfb0cc3e
Gerrit-Change-Number: 447
Gerrit-PatchSet: 1
Gerrit-Owner: plaisthos <arne-open...@rfc2549.org>
Gerrit-Reviewer: flichtenheld <fr...@lichtenheld.com>
Gerrit-CC: openvpn-devel <openvpn-devel@lists.sourceforge.net>
Gerrit-Attention: flichtenheld <fr...@lichtenheld.com>
Gerrit-MessageType: newchange


_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel