Re: [Openvpn-devel] [PATCH] Make --cipher/--auth none more explicit on the risks
On 11-04-17 10:55, David Sommerseth wrote: > On 11/04/17 06:26, Simon Matter wrote: >>> The warning provided to --cipher and --auth using the 'none' setting may >>> not have been too clearly understandable to non-developers or people not >>> fully understanding encryption and cryptography. This tries to improve >>> that. >>> >>> While at it, also break up the long source lines. >>> >>> Signed-off-by: David Sommerseth>>> --- >>> src/openvpn/crypto.c | 11 +-- >>> src/openvpn/init.c | 5 - >>> 2 files changed, 13 insertions(+), 3 deletions(-) >>> >>> diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c >>> index 909f725..8a5c723 100644 >>> --- a/src/openvpn/crypto.c >>> +++ b/src/openvpn/crypto.c >>> @@ -784,7 +784,10 @@ init_key_type(struct key_type *kt, const char >>> *ciphername, >>> { >>> if (warn) >>> { >>> -msg(M_WARN, "*** WARNING ***: null cipher specified, >>> no encryption will be used"); >>> +msg(M_WARN, "*** WARNING ***: '--cipher none' was >>> specified. " >>> +"This means NO encryption will be performed and tunnelled >>> " >>> +"data WILL be transmitted in clear text over the network! >>> " >>> +"PLEASE DO RECONIDER THIS SETTING!"); >> >> Hi >> >> Small typos, you may want to 's/RECONIDER/RECONSIDER/g' the patches. > > Meh, yeah, sorry about that. That need to be fixed, but also something > I can fix on-the-fly at commit time; that's an uncritical last minute > change. Just need an ACK first ;-) ACK if you fix the typos :) -Steffan signature.asc Description: OpenPGP digital signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Re: [Openvpn-devel] [PATCH] Make --cipher/--auth none more explicit on the risks
On 11/04/17 06:26, Simon Matter wrote: >> The warning provided to --cipher and --auth using the 'none' setting may >> not have been too clearly understandable to non-developers or people not >> fully understanding encryption and cryptography. This tries to improve >> that. >> >> While at it, also break up the long source lines. >> >> Signed-off-by: David Sommerseth>> --- >> src/openvpn/crypto.c | 11 +-- >> src/openvpn/init.c | 5 - >> 2 files changed, 13 insertions(+), 3 deletions(-) >> >> diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c >> index 909f725..8a5c723 100644 >> --- a/src/openvpn/crypto.c >> +++ b/src/openvpn/crypto.c >> @@ -784,7 +784,10 @@ init_key_type(struct key_type *kt, const char >> *ciphername, >> { >> if (warn) >> { >> -msg(M_WARN, "*** WARNING ***: null cipher specified, >> no encryption will be used"); >> +msg(M_WARN, "*** WARNING ***: '--cipher none' was >> specified. " >> +"This means NO encryption will be performed and tunnelled >> " >> +"data WILL be transmitted in clear text over the network! >> " >> +"PLEASE DO RECONIDER THIS SETTING!"); > > Hi > > Small typos, you may want to 's/RECONIDER/RECONSIDER/g' the patches. Meh, yeah, sorry about that. That need to be fixed, but also something I can fix on-the-fly at commit time; that's an uncritical last minute change. Just need an ACK first ;-) -- kind regards, David Sommerseth OpenVPN Technologies, Inc signature.asc Description: OpenPGP digital signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Re: [Openvpn-devel] [PATCH] Make --cipher/--auth none more explicit on the risks
> The warning provided to --cipher and --auth using the 'none' setting may > not have been too clearly understandable to non-developers or people not > fully understanding encryption and cryptography. This tries to improve > that. > > While at it, also break up the long source lines. > > Signed-off-by: David Sommerseth> --- > src/openvpn/crypto.c | 11 +-- > src/openvpn/init.c | 5 - > 2 files changed, 13 insertions(+), 3 deletions(-) > > diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c > index 909f725..8a5c723 100644 > --- a/src/openvpn/crypto.c > +++ b/src/openvpn/crypto.c > @@ -784,7 +784,10 @@ init_key_type(struct key_type *kt, const char > *ciphername, > { > if (warn) > { > -msg(M_WARN, "*** WARNING ***: null cipher specified, > no encryption will be used"); > +msg(M_WARN, "*** WARNING ***: '--cipher none' was > specified. " > +"This means NO encryption will be performed and tunnelled > " > +"data WILL be transmitted in clear text over the network! > " > +"PLEASE DO RECONIDER THIS SETTING!"); Hi Small typos, you may want to 's/RECONIDER/RECONSIDER/g' the patches. Regards, Simon -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel