---
doc/openvpn.8 | 5 +++--
src/openvpn/crypto.c | 1 +
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/doc/openvpn.8 b/doc/openvpn.8
index 1fd53b0..3472778 100644
--- a/doc/openvpn.8
+++ b/doc/openvpn.8
@@ -4580,14 +4580,15 @@ An OpenVPN static key file generated by
.B direction
parameter is used).
-.B (2)
+.B (2) DEPRECATED
A freeform passphrase file. In this case the HMAC key will
be derived by taking a secure hash of this file, similar to
the
.BR md5sum (1)
or
.BR sha1sum (1)
-commands.
+commands. This option is deprecated and will stop working in OpenVPN 2.4 and
+newer releases.
OpenVPN will first try format (1), and if the file fails to parse as
a static key file, format (2) will be used.
diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
index 0a5e83f..475c253 100644
--- a/src/openvpn/crypto.c
+++ b/src/openvpn/crypto.c
@@ -787,6 +787,7 @@ get_tls_handshake_key (const struct key_type *key_type,
msg (M_INFO,
"Control Channel Authentication: using '%s' as a free-form
passphrase file",
passphrase_file);
+ msg (M_WARN, "DEPRECATED OPTION: Using freeform files for tls-auth
is deprecated and is not supported in OpenVPN 2.4 or newer versions");
}
}
/* handle key direction */
--
1.9.3 (Apple Git-50)
