--- doc/openvpn.8 | 5 +++-- src/openvpn/crypto.c | 1 + 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/doc/openvpn.8 b/doc/openvpn.8 index 1fd53b0..3472778 100644 --- a/doc/openvpn.8 +++ b/doc/openvpn.8 @@ -4580,14 +4580,15 @@ An OpenVPN static key file generated by .B direction parameter is used). -.B (2) +.B (2) DEPRECATED A freeform passphrase file. In this case the HMAC key will be derived by taking a secure hash of this file, similar to the .BR md5sum (1) or .BR sha1sum (1) -commands. +commands. This option is deprecated and will stop working in OpenVPN 2.4 and +newer releases. OpenVPN will first try format (1), and if the file fails to parse as a static key file, format (2) will be used. diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c index 0a5e83f..475c253 100644 --- a/src/openvpn/crypto.c +++ b/src/openvpn/crypto.c @@ -787,6 +787,7 @@ get_tls_handshake_key (const struct key_type *key_type, msg (M_INFO, "Control Channel Authentication: using '%s' as a free-form passphrase file", passphrase_file); + msg (M_WARN, "DEPRECATED OPTION: Using freeform files for tls-auth is deprecated and is not supported in OpenVPN 2.4 or newer versions"); } } /* handle key direction */ -- 1.9.3 (Apple Git-50)