As promised, remove these options for OpenVPN 2.5.
If a user still uses these, print an error that the user should update its
configuration. Just printing a warning would cause much more confusing
errors, somewhere in the middle of a failed connection attempt because the
(non-compat) names no longer match the expected names.
Signed-off-by: Steffan Karger
---
doc/openvpn.8| 71
src/openvpn/misc.c | 23 -
src/openvpn/misc.h | 6
src/openvpn/options.c| 43
src/openvpn/ssl_verify.c | 67 -
src/openvpn/ssl_verify_openssl.c | 12 ---
6 files changed, 21 insertions(+), 201 deletions(-)
diff --git a/doc/openvpn.8 b/doc/openvpn.8
index 5f8569b..94484ab 100644
--- a/doc/openvpn.8
+++ b/doc/openvpn.8
@@ -3801,77 +3801,6 @@ the authenticated username as the common name,
rather than the common name from the client cert.
.\"*
.TP
-.B \-\-compat\-names [no\-remapping]
-.B DEPRECATED
-This option will be removed in OpenVPN 2.5
-
-Until OpenVPN v2.3 the format of the X.509 Subject fields was formatted
-like this:
-.IP
-.B
-/C=US/L=Somewhere/CN=John Doe/emailAddress=j...@example.com
-.IP
-In addition the old behaviour was to remap any character other than
-alphanumeric, underscore ('_'), dash ('\-'), dot ('.'), and slash ('/') to
-underscore ('_'). The X.509 Subject string as returned by the
-.B tls_id
-environmental variable, could additionally contain colon (':') or equal ('=').
-.IP
-When using the
-.B \-\-compat\-names
-option, this old formatting and remapping will be re\-enabled again. This is
-purely implemented for compatibility reasons when using older plug\-ins or
-scripts which does not handle the new formatting or UTF\-8 characters.
-.IP
-In OpenVPN 2.3 the formatting of these fields changed into a more
-standardised format. It now looks like:
-.IP
-.B
-C=US, L=Somewhere, CN=John Doe, emailAddress=j...@example.com
-.IP
-The new default format in OpenVPN 2.3 also does not do the character remapping
-which happened earlier. This new format enables proper support for UTF\-8
-characters in the usernames, X.509 Subject fields and Common Name variables and
-it complies to the RFC 2253, UTF\-8 String Representation of Distinguished
-Names.
-
-The
-.B no\-remapping
-mode flag can be used with the
-.B
-\-\-compat\-names
-option to be compatible with the now deprecated \-\-no\-name\-remapping option.
-It is only available at the server. When this mode flag is used, the Common
Name,
-Subject, and username strings are allowed to include any printable character
-including space, but excluding control characters such as tab, newline, and
-carriage\-return. no\-remapping is only available on the server side.
-
-.B Please note:
-This option is immediately deprecated. It is only implemented
-to make the transition to the new formatting less intrusive. It will be
-removed in OpenVPN 2.5. So please update your scripts/plug\-ins where
necessary.
-.\"*
-.TP
-.B \-\-no\-name\-remapping
-.B DEPRECATED
-This option will be removed in OpenVPN 2.5
-
-The
-.B \-\-no\-name\-remapping
-option is an alias for
-.B \-\-compat\-names\ no\-remapping.
-It ensures compatibility with server configurations using the
-.B \-\-no\-name\-remapping
-option.
-
-.B Please note:
-This option is now deprecated. It will be removed in OpenVPN 2.5.
-So please make sure you support the new X.509 name formatting
-described with the
-.B \-\-compat\-names
-option as soon as possible.
-.\"*
-.TP
.B \-\-port\-share host port [dir]
When run in TCP server mode, share the OpenVPN port with
another application, such as an HTTPS server. If OpenVPN
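Review bot: Deleting the whole \-\-compat\-names entry (from ".B \-\-compat\-names [no\-remapping]" through the \-\-no\-name\-remapping entry) also removes the only description in these lines of the X.509 subject format change: the old "/C=US/L=Somewhere/CN=John Doe/..." form with other characters remapped to underscore, versus the current "C=US, L=Somewhere, CN=John Doe, ..." form with no remapping. The commit message says users of the removed options now get an error asking them to update their configuration, so the man page should still tell them what to update to. Suggest keeping a short paragraph on the current format and the absence of character remapping, for example where the tls_id environment variable is documented, so that scripts and plug-ins that match on the subject string, or that assumed a restricted character set in Common Name and username values, have something to check against.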
diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c
index d75b768..f5a27dc 100644
--- a/src/openvpn/misc.c
+++ b/src/openvpn/misc.c
@@ -666,29 +666,6 @@ sanitize_control_message(const char *src, struct gc_arena
*gc)
return ret;
}
-/**
- * Will set or query for a global compat flag. To modify the compat flags
- * the COMPAT_FLAG_SET must be bitwise ORed together with the flag to set.
- * If no "operator" flag is given it defaults to COMPAT_FLAG_QUERY,
- * which returns the flag state.
- *
- * @param flag Flag to be set/queried for bitwise ORed with the operator flag
- * @return Returns 0 if the flag is not set, otherwise the 'flag' value is
returned
- */
-bool
-compat_flag(unsigned int flag)
-{
-static unsigned int compat_flags = 0;
-
-if (flag & COMPAT_FLAG_SET)
-{
-compat_flags |= (flag >> 1);
-}
-
-return (compat_flags & (flag >> 1));
-
-}
-
#if P2MP_SERVER
/* helper to parse peer_info received from multi client, validate
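Review bot: With compat_flag() deleted in this hunk, nothing here shows what happens to its users: the removed comment refers to COMPAT_FLAG_SET and COMPAT_FLAG_QUERY, and any remaining compat_flag(...) call or reference to those macros will break the build. The diffstat lists misc.h, options.c, ssl_verify.c and ssl_verify_openssl.c, so please confirm that the prototype, the COMPAT_FLAG_* definitions and every caller go away in those hunks, and that any code path that tested the flag is deleted outright rather than left behind as a dead branch.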
diff --git a/src/openvpn/misc.h b/src/openvpn/misc.h
index a54185f..009425f 100644
---