Hi, > Warning for comp-lzo/compress are not generated in the post option check > (options_postprocess_mutate) since these warnings should also be shown > on pushed options. Moving the showing the warning showing for
Typo in the last sentence. If I want to use compression and specify algorithm, I got confusing warnings: ➜ openvpn git:(master) ✗ sudo src/openvpn/openvpn --config ~/lev.ovpn --compress lz4-v2 --allow-compression yes Thu May 14 16:16:26 2020 WARNING: Compression enabled, Compression has been used in the past to break encryption. Enabling decompression of received packet only. Sent packets are not compressed. Thu May 14 16:16:26 2020 WARNING: Compression enabled, Compression has beenused in the past to break encryption. Allowing compression allows attacks that break encryption. Using '--allow-compression yes' is strongly discouraged for common usage. See --compress in the manual page for more information Thu May 14 16:16:26 2020 OpenVPN 2.5_git [git:master/6001784afd89c4e9+] x86_64-apple-darwin19.4.0 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on May 14 2020 1) The first warning is wrong, since I explicitly allowed compression. Also it has unneeded whitespace in the beginning. 2) The second warning is missing whitespace ("beenused"). > The logic of warnings etc in options.c has not been changed > since adding all the code to mutate_options would a lot more > and more complicated code and after discussion we decided that > it is okay as is. Cannot we set some bit flags in options processing, like COMP_WARN_GENERIC 1 << 0 // Compression enabled, Compression has been used in the past to break encryption. COMP_WARN_ASYNC 1 << 1 // Enabling decompression of received packet only. Sent packets are not compressed. COMP_WARN_ALLOWED_YES 1 << 2 // Using '--allow-compression yes' is strongly discouraged for common usage. See --compress in the manual page for more information and handle them in options postprocessing - excluding COMP_ENABLED_WARN_ASYNC if COMP_ENABLED_WARN_YES is set and printing the message? -- -Lev _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel