4 files changed, 10 insertions, 3 deletions

diff --git a/common.h b/common.h
index 844108f..7aa70a5 100644
--- a/common.h
+++ b/common.h
@@ -81,4 +81,9 @@ typedef unsigned long ptr_type;
 #define INLINE_FILE_TAG "[[INLINE]]"
 #endif
 
+/*
+ * Script security warning
+ */
+#define SCRIPT_SECURITY_WARNING "openvpn_execve: external program may not be called unless '--script-security 2' or higher is enabled.  See --help text for detailed info."
+
 #endif
diff --git a/init.c b/init.c
index 9686483..fc37ac0 100644
--- a/init.c
+++ b/init.c
@@ -1999,8 +1999,10 @@ do_option_warnings (struct context *c)
 
   if (script_security >= SSEC_SCRIPTS)
     msg (M_WARN, "NOTE: the current --script-security setting may allow this configuration to call user-defined scripts");
-  if (script_security >= SSEC_PW_ENV)
+  else if (script_security >= SSEC_PW_ENV)
     msg (M_WARN, "WARNING: the current --script-security setting may allow passwords to be passed to scripts via environmental variables");
+  else
+    msg (M_WARN, "NOTE: " PACKAGE_NAME " 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables");
 }
 
 static void
diff --git a/misc.c b/misc.c
index d6a57c1..911e911 100644
--- a/misc.c
+++ b/misc.c
@@ -528,7 +528,7 @@ openvpn_execve (const struct argv *a, const struct env_set *es, const unsigned i
 	}
       else
 	{
-	  msg (M_WARN, "openvpn_execve: external program may not be called due to setting of --script-security level");
+	  msg (M_WARN, SCRIPT_SECURITY_WARNING);
 	}
 #else
       msg (M_WARN, "openvpn_execve: execve function not available");
diff --git a/win32.c b/win32.c
index f427322..9272cb7 100644
--- a/win32.c
+++ b/win32.c
@@ -949,7 +949,7 @@ openvpn_execve (const struct argv *a, const struct env_set *es, const unsigned i
 	}
       else
 	{
-	  msg (M_WARN, "openvpn_execve: external program may not be called due to setting of --script-security level");
+	  msg (M_WARN, SCRIPT_SECURITY_WARNING);
 	}
     }
   else