Hi,

On Tue, Aug 14, 2012 at 11:57:29AM +0200, David Sommerseth wrote:
> From: David Sommerseth <dav...@redhat.com>
> 
> This will cause a warning in the log file if --client-config-dir
> is configured but OpenVPN could not find or open the config file
> for the connecting client.
> 
> OpenVPN will also look for a file named 'DEFAULT' if a file named
> as the client's TLS Common Name cannot be found.  To hide this
> warning above, create an empty 'DEFAULT' file inside the
>  --client-config-dir.

I'm not sure I'm happy with that...

> +              else
> +                {
> +                  msg (M_WARN, "[CCD] Failed to import client config for 
> '%s'",
> +                       tls_common_name (mi->context.c2.tls_multi, false));
> +                }
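
Review bot: the msg() call in this else branch reports "Failed to import client config", which does not tell the operator that both lookups described in the commit message (the file named after the Common Name and the DEFAULT file) came up empty, so it reads like a parse failure. Suggest wording that names both lookups. It is also worth checking whether M_WARN is the right level here: on setups where only some clients have a file in --client-config-dir, this warning is logged on every connect unless an empty DEFAULT file is created purely to silence it.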

I find the actual message confusing - what does "fail to *import*" mean?

Naive interpretation is "the file could be found, but there's something
broken with it, like 'syntax errors' or such, but we won't tell you!".

So the message should be more along the lines of:

    msg (M_WARN, "[CCD] client config file for '%s' not found (or unreadable), and no DEFAULT file either",


(while it would be even nicer to show *why* it fails, I can see that
this is a bit tricky to get done without quite some extra code to remember
test results, etc.)

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             g...@greenie.muc.de
fax: +49-89-35655025                        g...@net.informatik.tu-muenchen.de
