Rebase OpenVPN to -master

--HG--
extra : rebase_source : 37025b323cf5e6497cbc92744a32b0b69e397af8

1 files changed, 26 insertions, 0 deletions

diff --git a/openvpn/doc/openvpn.8 b/openvpn/doc/openvpn.8
index 868fb841..573d6a80 100644
--- a/openvpn/doc/openvpn.8
+++ b/openvpn/doc/openvpn.8
@@ -1895,6 +1895,13 @@ It is also possible to tag a single directive so as not to trigger
 a fatal error if the directive isn't recognized.  To do this,
 prepend the following before the directive:
 .B setenv opt
+
+Versions prior to OpenVPN 2.3.3 will always ignore options set with the
+.B setenv opt
+directive.
+
+See also
+.B \-\-ignore-unknown-option
 .\"*********************************************************
 .TP
 .B \-\-setenv-safe name value
@@ -1908,6 +1915,25 @@ is a safety precaution to prevent a LD_PRELOAD style attack
 from a malicious or compromised server.
 .\"*********************************************************
 .TP
+.B \-\-ignore-unknown-option opt1 opt2 opt3 ... optN
+When one of options
+.B opt1 ... optN
+is encountered in the configuration file the configuration
+file parsing does not fail if this OpenVPN version does not
+support the option. Multiple
+.B \-\-ignore-unknown-option
+options can be given to support a larger number of options to ignore.
+
+This option should be used with caution, as there are good security
+reasons for having OpenVPN fail if it detects problems in a
+config file. Having said that, there are valid reasons for wanting
+new software features to gracefully degrade when encountered by
+older software versions.
+
+.B \-\-ignore-unknown-option
+is available since OpenVPN 2.3.3.
+.\"*********************************************************
+.TP
 .B \-\-script-security level
 This directive offers policy-level control over OpenVPN's usage of external programs
 and scripts.  Lower