> Cannot we set some bit flags in options processing, like
>
> COMP_WARN_GENERIC  1 << 0 // Compression enabled, Compression has been
> used in the past to break encryption.
> COMP_WARN_ASYNC  1 << 1 // Enabling decompression of received packet
> only. Sent packets are not compressed.
> COMP_WARN_ALLOWED_YES  1 << 2 // Using '--allow-compression yes' is
> strongly discouraged for common usage. See --compress in the manual
> page for more information
>
> and handle them in options postprocessing -  excluding
> COMP_ENABLED_WARN_ASYNC if COMP_ENABLED_WARN_YES is set and printing
> the message?
>
Same explanation as last time when Steffan reviewed this patch. The
warning should also show up in pushed options. And I don't want to
complicate the logic to avoid an extra warning for a corner case. We
reword the message a bit so that two messages are not that bad if both
are shown:


WARNING: Compression for receiving enabled, Compression
has been used in the past to break encryption. Sent packets are not compressed
unless "allow-compression yes" is also set.


WARNING: Compression for sending and receiving enabled, Compression has
been used in the past to break encryption. Allowing compression allows
attacks that break encryption. Using '--allow-compression yes' is
strongly discouraged for common usage. See --compress in the manual
page for more information




_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel