Added "setenv opt" directive prefix. If present, and if the
directive that follows is recognized, it will be processed
as if the "setenv opt" prefix was absent.  If present and if
the directive that follows is not recognized, the directive
will be ignored rather than cause a fatal error.

For example, suppose you are distributing a client
configuration file and want to set the minimum TLS version
that the client requires from the server to 1.2.

By using the following directive,

  setenv opt tls-version-min 1.2 or-highest

only newer clients that understand the tls-version-min directive
would process it, while older clients would ignore it.
1 parent 03a5599 commit 27713761e4110bb92f1c6dfe85db291e8c6e0f56 @jamesyonan committed Jun 11, 2013
Showing with 17 additions and 1 deletion.
  1. +5 −0 doc/openvpn.8
  2. +12 −1 src/openvpn/options.c
5 doc/openvpn.8
@@ -1880,6 +1880,11 @@ reasons for having OpenVPN fail if it detects problems in a
config file. Having said that, there are valid reasons for wanting
new software features to gracefully degrade when encountered by
older software versions.
+It is also possible to tag a single directive so as not to trigger
+a fatal error if the directive isn't recognized. To do this,
+prepend the following before the directive:
+.B setenv opt
.B \-\-setenv-safe name value
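Review bot: The added man page text after "older software versions." should spell out what tagging a directive costs. A client that does not recognize the directive skips it, so a security setting distributed this way (the commit message uses tls-version-min 1.2) is simply not enforced on older clients. Please add a sentence saying so, and include the full form from the commit message, "setenv opt tls-version-min 1.2 or-highest", as an example, since ".B setenv opt" alone does not show that the directive and its arguments follow on the same line. The code hunk also skips the prefix handling when OPT_P_PULL_MODE is set and reports the unrecognized directive at M_WARN; both behaviours are worth documenting here.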
13 src/openvpn/options.c
@@ -4047,7 +4047,18 @@ add_option (struct options *options,
const bool pull_mode = BOOL_CAST (permission_mask & OPT_P_PULL_MODE);
int msglevel_fc = msglevel_forward_compatible (options, msglevel);
+ /*
+ * If directive begins with "setenv opt" prefix, don't raise an error if
+ * directive is unrecognized.
+ */
+ if (streq (p[0], "setenv") && p[1] && streq (p[1], "opt") && !(permission_mask & OPT_P_PULL_MODE))
+ {
+ p += 2;
+ msglevel_fc = M_WARN;
+ }
if (!file)
file = "[CMD-LINE]";
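Review bot: The condition on the "setenv opt" line checks p[1] but not p[2], so a config line consisting only of "setenv opt" leaves p[0] NULL after "p += 2". Any later comparison on p[0] in add_option would then be handed a NULL pointer. Suggest requiring p[2] in the condition, or substituting a placeholder that falls through to the unrecognized-option path so the user gets a clear message. Also note that advancing p shortens the number of valid slots behind it by two; code further down that indexes p up to the original parameter limit should be checked against that. Finally, the new comment could mention why the prefix is not honoured under OPT_P_PULL_MODE, since that restriction is not obvious from the code alone.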
