Remove --no-iv

This finializes the depreacation started in OpenVPN 2.4, where --no-iv was made into a NOOP option. Signed-off-by: David Sommerseth <davids@openvpn.net> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <20200717171544.21632-1-davids@openvpn.net> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg20460.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
2024-09-20 03:52:28 +02:00 · 2020-07-17 19:15:44 +02:00 · 2020-07-17 19:15:44 +02:00 · 4b4b34da98
commit 4b4b34da98
parent 19fab1f6cf
4 changed files with 5 additions and 7 deletions
--- a/Changes.rst
+++ b/Changes.rst
@ -34,6 +34,9 @@ https://community.openvpn.net/openvpn/wiki/DeprecatedOptions
    With the improved and matured data channel cipher negotiation, the use
    of ``ncp-disable`` should not be necessary anymore.

+- ``no-iv`` has been removed
+  This option was made into a NOOP option with OpenVPN 2.4.  This has now
+  been completely removed.

 Overview of changes in 2.4
 ==========================
--- a/doc/man-sections/server-options.rst
+++ b/doc/man-sections/server-options.rst
@ -399,7 +399,7 @@ fast hardware. SSL/TLS authentication must be used in this mode.
  ``link-mtu``, ``tun-mtu``, ``proto``, ``ifconfig``,
  ``comp-lzo``, ``fragment``, ``keydir``, ``cipher``,
  ``auth``, ``keysize``, ``secret``, ``no-replay``,
-  ``no-iv``, ``tls-auth``, ``key-method``, ``tls-server``
+  ``tls-auth``, ``key-method``, ``tls-server``
  and ``tls-client``.

  This option requires that ``--disable-occ`` NOT be used.
--- a/doc/man-sections/unsupported-options.rst
+++ b/doc/man-sections/unsupported-options.rst
@ -19,7 +19,7 @@ longer supported

 --no-iv
  Removed in OpenVPN 2.5.  This option should not be used as it weakens the
-  VPN tunnel security.
+  VPN tunnel security.  This has been a NOOP option since OpenVPN 2.4.

 --no-replay
  Removed in OpenVPN 2.5.  This option should not be used as it weakens the
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@ -8012,11 +8012,6 @@ add_option(struct options *options,
        VERIFY_PERMISSION(OPT_P_GENERAL);
        options->mute_replay_warnings = true;
    }
-    else if (streq(p[0], "no-iv") && !p[1])
-    {
-        msg(msglevel,
-            "--no-iv is no longer supported. Remove it from client and server configs.");
-    }
    else if (streq(p[0], "replay-persist") && p[1] && !p[2])
    {
        VERIFY_PERMISSION(OPT_P_GENERAL);