author | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2008-07-27 18:20:52 +0000 |
---|---|---|
committer | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2008-07-27 18:20:52 +0000 |
commit | c04bc0223c9b17f203555b933cbeedbf3b343c0e (patch) | |
tree | 389f41f02909cec0d829a33ce8114b59e82fa9c7 /init.c | |
parent | Added additional defensive programming to buffer.[ch] functions. (diff) | |
download | openvpn-c04bc0223c9b17f203555b933cbeedbf3b343c0e.tar.xz |
Added additional warnings for:
* --tls-remote -- some people misunderstand the semantics
* --script-security -- warn if script-security will allow user-defined
scripts to be called, and also warn separately if passwords may be
passed to scripts via the environment
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3129 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to 'init.c')
-rw-r--r-- | init.c | 7 |
1 files changed, 7 insertions, 0 deletions
@@ -1982,6 +1982,8 @@ do_option_warnings (struct context *c)
 && !(o->ns_cert_type & NS_SSL_SERVER)
 && !o->remote_cert_eku)
 msg (M_WARN, "WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.");
+ if (o->tls_remote)
+ msg (M_WARN, "WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).");
 #endif
 #endif
@@ -1989,6 +1991,11 @@ do_option_warnings (struct context *c)
 if (o->ce.connect_timeout_defined)
 msg (M_WARN, "NOTE: --connect-timeout option is not supported on this OS");
 #endif
+
+ if (script_security >= SSEC_SCRIPTS)
+ msg (M_WARN, "NOTE: the current --script-security setting may allow this configuration to call user-defined scripts");
+ if (script_security >= SSEC_PW_ENV)
+ msg (M_WARN, "WARNING: the current --script-security setting may allow passwords to be passed to scripts via environmental variables");
 }
 static void |
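Review bot: The `--tls-remote` warning added at the end of the first hunk never names the pitfall, so an operator who reads it learns nothing they can act on, and it prints on every start even for configurations that use the option as intended. If the concern is that the option matches on the peer's X509 subject or on a common-name prefix rather than on one exact identity (my reading of the man page, to be confirmed), the message should say so, for example `msg (M_WARN, "WARNING: --tls-remote also accepts a common-name prefix match; make sure the name cannot match an unintended peer (see the man page).");`. The start of the preceding condition and the opening `#if` lines are outside the hunk, so whether this is reached in both client and server mode cannot be confirmed from here.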
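Review bot: Both `script_security` checks in the second hunk are keyed only on the level, not on whether any script hook or password-verification option is actually configured, so the log cannot distinguish a real exposure from an unused setting. At `SSEC_PW_ENV` both messages print, which is presumably intended but deserves a comment such as `/* levels are ordered: SSEC_PW_ENV implies SSEC_SCRIPTS, so both messages are emitted */`. The password warning would be more useful if it named the remedy, such as lowering the level or passing credentials to the script by file where the option supports it, since a child's environment is inherited by whatever it spawns. The string should also read "environment variables" rather than "environmental variables". `script_security` is read as a bare global while the rest of the function goes through `o->`; its definition and the top of `do_option_warnings` are outside the hunk.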