Message ID | 1540981377-22752-1-git-send-email-steffan.karger@fox-it.com |
---|---|
State | Accepted |
Series | [Openvpn-devel] tls-crypt-v2: clarify --tls-crypt-v2-genkey man page section |
Hi, On 31/10/2018 20:22, Steffan Karger wrote: > As kitsune1 mentioned in IRC, this section should explain that > "--tls-crypt-v2-genkey client" requires the user to supply the server > key using "--tls-crypt-v2". > > Signed-off-by: Steffan Karger <steffan.karger@fox-it.com> Makes sense and, after listening to some people getting confused, it is good to clarify the procedure. Acked-by: Antonio Quartulli <antonio@openvpn.net> > --- > doc/openvpn.8 | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/doc/openvpn.8 b/doc/openvpn.8 > index 94b5cc4..f38fba9 100644 > --- a/doc/openvpn.8 > +++ b/doc/openvpn.8 > @@ -5314,6 +5314,11 @@ If no metadata is supplied, OpenVPN will use a 64\-bit unix timestamp > representing the current time in UTC, encoded in network order, as metadata for > the generated key. > > +A tls\-crypt\-v2 client key is wrapped using a server key. To generate a > +client key, the user must therefore supply the server key using the > +.B \-\-tls\-crypt\-v2 > +option. > + > Servers can use > .B \-\-tls\-crypt\-v2\-verify > to specify a metadata verification command. >
Documentation is always welcome :-)

Your patch has been applied to the master branch.

commit 01039891ece9f38f7a17c80e5afc261ab5bcbaf3
Author: Steffan Karger
Date: Wed Oct 31 11:22:57 2018 +0100

    tls-crypt-v2: clarify --tls-crypt-v2-genkey man page section

    Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
    Acked-by: Antonio Quartulli <antonio@openvpn.net>
    Message-Id: <1540981377-22752-1-git-send-email-steffan.karger@fox-it.com>
    URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg17865.html
    Signed-off-by: Gert Doering <gert@greenie.muc.de>

--
kind regards,

Gert Doering
diff --git a/doc/openvpn.8 b/doc/openvpn.8 index 94b5cc4..f38fba9 100644 --- a/doc/openvpn.8 +++ b/doc/openvpn.8 @@ -5314,6 +5314,11 @@ If no metadata is supplied, OpenVPN will use a 64\-bit unix timestamp representing the current time in UTC, encoded in network order, as metadata for the generated key. +A tls\-crypt\-v2 client key is wrapped using a server key. To generate a +client key, the user must therefore supply the server key using the +.B \-\-tls\-crypt\-v2 +option. + Servers can use .B \-\-tls\-crypt\-v2\-verify to specify a metadata verification command.
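Review bot: The new paragraph in the doc/openvpn.8 hunk lands between "If no metadata is supplied, ..." and "Servers can use --tls-crypt-v2-verify to specify a metadata verification command", so a sentence about key wrapping now splits the two metadata paragraphs. Consider moving it ahead of the metadata text so the requirement is read before the optional details. Since the text says the client key is wrapped using the server key, it would also help to state that client keys therefore have to be generated where the server key file is available, and to say what happens when --tls-crypt-v2 is not supplied.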
As kitsune1 mentioned in IRC, this section should explain that
"--tls-crypt-v2-genkey client" requires the user to supply the server
key using "--tls-crypt-v2".

Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
---
 doc/openvpn.8 | 5 +++++
 1 file changed, 5 insertions(+)