mirror of https://github.com/OpenVPN/openvpn.git synced 2024-09-19 19:42:30 +02:00

Use consistent version references

A simple clean-up where the version references have been unified
all those places I could find now.  The versioning scheme used is:

    * OpenVPN 2.x
    * v2.x

We want to avoid:
    * 2.x  (2.4 can be just an ordinary decimal number,
            OID reference, a version number or anything else)
    * OpenVPN v2.x (OpenVPN indicates we're talking about a version)

In addition, several places where it made sense I tried to ensure
the first version reference uses "OpenVPN 2.x" and the following
references in the same section/paragraph use "v2.x", to set the
context for the version reference.

In Changes.rst modified paragraphs exceeding 80 chars lines were
reformatted as well.

Signed-off-by: David Sommerseth <davids@openvpn.net>
Acked-by: Steffan Karger <steffan@karger.me>
Message-Id: <20170815205301.14542-1-davids@openvpn.net>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15260.html
Signed-off-by: David Sommerseth <davids@openvpn.net>
This commit is contained in:
David Sommerseth 2017-08-15 22:53:01 +02:00
parent 6e4a817589
commit 500854c3fc
No known key found for this signature in database
GPG Key ID: 86CF944C9671FDF2
5 changed files with 49 additions and 47 deletions

View File

@ -164,25 +164,26 @@ Deprecated features
For an up-to-date list of all deprecated options, see this wiki page:
https://community.openvpn.net/openvpn/wiki/DeprecatedOptions
- ``--key-method 1`` is deprecated in 2.4 and will be removed in 2.5. Migrate
away from ``--key-method 1`` as soon as possible. The recommended approach
is to remove the ``--key-method`` option from the configuration files, OpenVPN
will then use ``--key-method 2`` by default. Note that this requires changing
the option in both the client and server side configs.
- ``--key-method 1`` is deprecated in OpenVPN 2.4 and will be removed in v2.5.
Migrate away from ``--key-method 1`` as soon as possible. The recommended
approach is to remove the ``--key-method`` option from the configuration
files, OpenVPN will then use ``--key-method 2`` by default. Note that this
requires changing the option in both the client and server side configs.
- ``--tls-remote`` is removed in 2.4, as indicated in the 2.3 man-pages. Similar
functionality is provided via ``--verify-x509-name``, which does the same job in
a better way.
- ``--tls-remote`` is removed in OpenVPN 2.4, as indicated in the v2.3
man-pages. Similar functionality is provided via ``--verify-x509-name``,
which does the same job in a better way.
- ``--compat-names`` and ``--no-name-remapping`` were deprecated in 2.3 and will
be removed in 2.5. All scripts and plug-ins depending on the old non-standard
X.509 subject formatting must be updated to the standardized formatting. See
the man page for more information.
- ``--compat-names`` and ``--no-name-remapping`` were deprecated in OpenVPN 2.3
and will be removed in v2.5. All scripts and plug-ins depending on the old
non-standard X.509 subject formatting must be updated to the standardized
formatting. See the man page for more information.
- ``--no-iv`` is deprecated in 2.4 and will be removed in 2.5.
- ``--no-iv`` is deprecated in OpenVPN 2.4 and will be removed in v2.5.
- ``--keysize`` is deprecated and will be removed in v2.6 together
with the support of ciphers with cipher block size less than 128 bits.
- ``--keysize`` is deprecated in OpenVPN 2.4 and will be removed in v2.6
together with the support of ciphers with cipher block size less than
128-bits.
- ``--comp-lzo`` is deprecated in OpenVPN 2.4. Use ``--compress`` instead.
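Review bot: the ``--keysize`` entry goes beyond the stated scope of the clean-up: the original line only said "is deprecated" with no version, and the replacement says "is deprecated in OpenVPN 2.4", which adds a factual claim rather than unifying an existing reference. Either confirm that 2.4 is the release where the deprecation landed or leave the version out. The same edit also changes "128 bits" to "128-bits"; the hyphenated form is only right as a modifier ("128-bit block"), so "cipher block size less than 128 bits" should stay unhyphenated.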
@ -317,7 +318,7 @@ Maintainer-visible changes
files instead of older ones, to provide a unified behaviour across systemd
based Linux distributions.
- With OpenVPN v2.4, the project has moved over to depend on and actively use
- With OpenVPN 2.4, the project has moved over to depend on and actively use
the official C99 standard (-std=c99). This may fail on some older compiler/libc
header combinations. In most of these situations it is recommended to
use -std=gnu99 in CFLAGS. This is known to be needed when doing
@ -339,7 +340,7 @@ New features
Security
--------
- CVE-2017-7522: Fix ``--x509-track`` post-authentication remote DoS
A client could crash a 2.4+ mbedtls server, if that server uses the
A client could crash a v2.4+ mbedtls server, if that server uses the
``--x509-track`` option and the client has a correct, signed and unrevoked
certificate that contains an embedded NUL in the certificate subject.
Discovered and reported to the OpenVPN security team by Guido Vranken.
@ -396,7 +397,7 @@ User-visible Changes
Bugfixes
--------
- Fix fingerprint calculation in mbed TLS builds. This means that mbed TLS users
of OpenVPN 2.4.0, 2.4.1 and 2.4.2 that rely on the values of the
of OpenVPN 2.4.0, v2.4.1 and v2.4.2 that rely on the values of the
``tls_digest_*`` env vars, or that use ``--verify-hash`` will have to change
the fingerprint values they check against. The security impact of the
incorrect calculation is very minimal; the last few bytes (max 4, typically
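Review bot: "OpenVPN 2.4.0, v2.4.1 and v2.4.2" mixes the two styles inside one enumeration, which makes the first item look like a different kind of reference from the other two. "OpenVPN" already sets the context for the whole list, so the original "OpenVPN 2.4.0, 2.4.1 and 2.4.2" (or a range such as "OpenVPN 2.4.0 through 2.4.2") reads more naturally than prefixing only the later items. The same remark applies to "OpenVPN 2.4.0 or v2.4.1" in the 2.4.2 security entry below.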
@ -425,17 +426,18 @@ Version 2.4.2
Bugfixes
--------
- Fix memory leak introduced in 2.4.1: if ``--remote-cert-tls`` is used, we leaked
some memory on each TLS (re)negotiation.
- Fix memory leak introduced in OpenVPN 2.4.1: if ``--remote-cert-tls`` is
used, we leaked some memory on each TLS (re)negotiation.
Security
--------
- Fix a pre-authentication denial-of-service attack on both clients and servers.
By sending a too-large control packet, OpenVPN 2.4.0 or 2.4.1 can be forced
to hit an ASSERT() and stop the process. If ``--tls-auth`` or ``--tls-crypt``
is used, only attackers that have the ``--tls-auth`` or ``--tls-crypt`` key
can mount an attack. (OSTIF/Quarkslab audit finding 5.1, CVE-2017-7478)
- Fix a pre-authentication denial-of-service attack on both clients and
servers. By sending a too-large control packet, OpenVPN 2.4.0 or v2.4.1 can
be forced to hit an ASSERT() and stop the process. If ``--tls-auth`` or
``--tls-crypt`` is used, only attackers that have the ``--tls-auth`` or
``--tls-crypt`` key can mount an attack.
(OSTIF/Quarkslab audit finding 5.1, CVE-2017-7478)
- Fix an authenticated remote DoS vulnerability that could be triggered by
causing a packet id roll over. An attack is rather inefficient; a peer

View File

@ -1995,7 +1995,7 @@ could be either
.B execve
or
.B system.
As of OpenVPN v2.3, this flag is no longer accepted. In most *nix environments the execve()
As of OpenVPN 2.3, this flag is no longer accepted. In most *nix environments the execve()
approach has been used without any issues.
Some directives such as \-\-up allow options to be passed to the external
@ -2007,7 +2007,7 @@ To run scripts in Windows in earlier OpenVPN
versions you needed to either add a full path to the script interpreter which can parse the
script or use the
.B system
flag to run these scripts. As of OpenVPN v2.3 it is now a strict requirement to have
flag to run these scripts. As of OpenVPN 2.3 it is now a strict requirement to have
full path to the script interpreter when running non-executables files.
This is not needed for executable files, such as .exe, .com, .bat or .cmd files. For
example, if you have a Visual Basic script, you must use this syntax now:
@ -2202,7 +2202,7 @@ passwords, or key pass phrases anymore. This has certain consequences,
namely that using a password-protected private key will fail unless the
.B \-\-askpass
option is used to tell OpenVPN to ask for the pass phrase (this
requirement is new in 2.3.7, and is a consequence of calling daemon()
requirement is new in v2.3.7, and is a consequence of calling daemon()
before initializing the crypto layer).
Further, using
@ -2475,7 +2475,7 @@ The
parameter may be "lzo", "lz4", or empty. LZO and LZ4
are different compression algorithms, with LZ4 generally
offering the best performance with least CPU usage.
For backwards compatibility with OpenVPN versions before 2.4, use "lzo"
For backwards compatibility with OpenVPN versions before v2.4, use "lzo"
(which is identical to the older option "\-\-comp\-lzo yes").
If the
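Review bot: "OpenVPN versions before v2.4" now carries the product name and the "v" prefix in the same phrase, which is effectively the "OpenVPN v2.x" form the commit message says to avoid; "OpenVPN versions before 2.4" was already unambiguous. Consider leaving this line unchanged or rewording it to "versions before OpenVPN 2.4".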
@ -3774,13 +3774,13 @@ option, this old formatting and remapping will be re-enabled again. This is
purely implemented for compatibility reasons when using older plug-ins or
scripts which does not handle the new formatting or UTF-8 characters.
.IP
In OpenVPN v2.3 the formatting of these fields changed into a more
In OpenVPN 2.3 the formatting of these fields changed into a more
standardised format. It now looks like:
.IP
.B
C=US, L=Somewhere, CN=John Doe, emailAddress=john@example.com
.IP
The new default format in OpenVPN v2.3 also does not do the character remapping
The new default format in OpenVPN 2.3 also does not do the character remapping
which happened earlier. This new format enables proper support for UTF\-8
characters in the usernames, X.509 Subject fields and Common Name variables and
it complies to the RFC 2253, UTF\-8 String Representation of Distinguished
@ -3800,7 +3800,7 @@ carriage-return. no-remapping is only available on the server side.
.B Please note:
This option is immediately deprecated. It is only implemented
to make the transition to the new formatting less intrusive. It will be
removed in OpenVPN v2.5. So please update your scripts/plug-ins where necessary.
removed in OpenVPN 2.5. So please update your scripts/plug-ins where necessary.
.\"*********************************************************
.TP
.B \-\-no\-name\-remapping
@ -3816,7 +3816,7 @@ It ensures compatibility with server configurations using the
option.
.B Please note:
This option is now deprecated. It will be removed in OpenVPN v2.5.
This option is now deprecated. It will be removed in OpenVPN 2.5.
So please make sure you support the new X.509 name formatting
described with the
.B \-\-compat\-names
@ -4226,8 +4226,8 @@ will inherit the cipher of the peer if that cipher is different from the local
.B \-\-cipher
setting, but the peer cipher is one of the ciphers specified in
.B \-\-ncp\-ciphers\fR.
E.g. a non-NCP client (<=2.3, or with \-\-ncp\-disabled set) connecting to a
NCP server (2.4+) with "\-\-cipher BF-CBC" and "\-\-ncp-ciphers
E.g. a non-NCP client (<=v2.3, or with \-\-ncp\-disabled set) connecting to a
NCP server (v2.4+) with "\-\-cipher BF-CBC" and "\-\-ncp-ciphers
AES-256-GCM:AES-256-CBC" set can either specify "\-\-cipher BF-CBC" or
"\-\-cipher AES-256-CBC" and both will work.
@ -5037,8 +5037,8 @@ response.
(required) is a file in OpenVPN static key format which can be generated by
.B \-\-genkey
Older versions (up to 2.3) supported a freeform passphrase file.
This is no longer supported in newer versions (2.4+).
Older versions (up to OpenVPN 2.3) supported a freeform passphrase file.
This is no longer supported in newer versions (v2.4+).
See the
.B \-\-secret
@ -5596,7 +5596,7 @@ Write key to
.B file.
.\"*********************************************************
.SS TUN/TAP persistent tunnel config mode:
Available with linux 2.4.7+. These options comprise a standalone mode
Available with Linux 2.4.7+. These options comprise a standalone mode
of OpenVPN which can be used to create and delete persistent tunnels.
.\"*********************************************************
.TP
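Review bot: this line deserves more than a capital letter. "2.4.7+" here is a Linux kernel version, not an OpenVPN one, which is exactly the ambiguity the commit message gives as the reason for avoiding bare "2.x" numbers; with every other reference in this man page now following the OpenVPN scheme, a reader skimming for version numbers can easily misread it. "Available with Linux kernel 2.4.7+" makes the referent explicit.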
@ -5923,7 +5923,7 @@ flag.
.TP
.B \-\-dhcp\-release
Ask Windows to release the TAP adapter lease on shutdown.
This option has no effect now, as it is enabled by default starting with version 2.4.1.
This option has no effect now, as it is enabled by default starting with OpenVPN 2.4.1.
.\"*********************************************************
.TP
.B \-\-register\-dns
@ -6206,7 +6206,7 @@ isprint() function to return true.
.B \-\-client\-config\-dir filename as derived from common name or username:
Alphanumeric, underbar ('_'), dash ('-'), and dot ('.') except for "." or
".." as standalone strings. As of 2.0.1-rc6, the at ('@') character has
".." as standalone strings. As of v2.0.1-rc6, the at ('@') character has
been added as well for compatibility with the common name character class.
.B Environmental variable names:

View File

@ -110,7 +110,7 @@ tls-auth ta.key 1
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
# Note that 2.4 client/server will automatically
# Note that v2.4 client/server will automatically
# negotiate AES-256-GCM in TLS mode.
# See also the ncp-cipher option in the manpage
cipher AES-256-CBC

View File

@ -246,13 +246,13 @@ tls-auth ta.key 0 # This file is secret
# Select a cryptographic cipher.
# This config item must be copied to
# the client config file as well.
# Note that 2.4 client/server will automatically
# Note that v2.4 client/server will automatically
# negotiate AES-256-GCM in TLS mode.
# See also the ncp-cipher option in the manpage
cipher AES-256-CBC
# Enable compression on the VPN link and push the
# option to the client (2.4+ only, for earlier
# option to the client (v2.4+ only, for earlier
# versions see below)
;compress lz4-v2
;push "compress lz4-v2"

View File

@ -6187,7 +6187,7 @@ add_option(struct options *options,
else if (streq(p[0], "max-routes") && !p[2])
{
msg(M_WARN, "DEPRECATED OPTION: --max-routes option ignored."
"The number of routes is unlimited as of version 2.4. "
"The number of routes is unlimited as of OpenVPN 2.4. "
"This option will be removed in a future version, "
"please remove it from your configuration.");
}
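Review bot: while this message string is being touched, the missing separator in the preceding fragment should be fixed too: `"DEPRECATED OPTION: --max-routes option ignored."` is concatenated directly with `"The number of routes is unlimited as of OpenVPN 2.4. "`, so the logged warning reads "ignored.The number of routes". Add a trailing space after "ignored." so the sentences are separated in the output.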
@ -7018,7 +7018,7 @@ add_option(struct options *options,
VERIFY_PERMISSION(OPT_P_GENERAL);
if (streq(p[1], "env"))
{
msg(M_INFO, "NOTE: --win-sys env is default from OpenVPN v2.3. "
msg(M_INFO, "NOTE: --win-sys env is default from OpenVPN 2.3. "
"This entry will now be ignored. "
"Please remove this entry from your configuration file.");
}
@ -7864,7 +7864,7 @@ add_option(struct options *options,
msg(msglevel, "you cannot use --compat-names with --verify-x509-name");
goto err;
}
msg(M_WARN, "DEPRECATED OPTION: --compat-names, please update your configuration. This will be removed in OpenVPN v2.5.");
msg(M_WARN, "DEPRECATED OPTION: --compat-names, please update your configuration. This will be removed in OpenVPN 2.5.");
compat_flag(COMPAT_FLAG_SET | COMPAT_NAMES);
#if P2MP_SERVER
if (p[1] && streq(p[1], "no-remapping"))
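Review bot: the rewritten msg() line is well over 80 columns, and the commit message already applies an 80-column rule to Changes.rst; since the line is being replaced anyway, split the string into adjacent literals the way the other msg() calls in this hunk's neighbours do, e.g. `"DEPRECATED OPTION: --compat-names, please update your configuration. "` followed by `"This will be removed in OpenVPN 2.5."`. The same applies to the --no-name-remapping message in the next hunk.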
@ -7880,7 +7880,7 @@ add_option(struct options *options,
msg(msglevel, "you cannot use --no-name-remapping with --verify-x509-name");
goto err;
}
msg(M_WARN, "DEPRECATED OPTION: --no-name-remapping, please update your configuration. This will be removed in OpenVPN v2.5.");
msg(M_WARN, "DEPRECATED OPTION: --no-name-remapping, please update your configuration. This will be removed in OpenVPN 2.5.");
compat_flag(COMPAT_FLAG_SET | COMPAT_NAMES);
compat_flag(COMPAT_FLAG_SET | COMPAT_NO_NAME_REMAPPING);
#endif