[Openvpn-devel] tls-crypt-v2: clarify --tls-crypt-v2-genkey man page section

Message ID 1540981377-22752-1-git-send-email-steffan.karger@fox-it.com
State Accepted

Commit Message

Steffan Karger Oct. 31, 2018, 10:22 a.m.
As kitsune1 mentioned in IRC, this section should explain that
"--tls-crypt-v2-genkey client" requires the user to supply the server
key using "--tls-crypt-v2".

Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
---
 doc/openvpn.8 | 5 +++++
 1 file changed, 5 insertions(+)

Comments

Antonio Quartulli Nov. 14, 2018, 10:49 a.m. | #1
Hi,

On 31/10/2018 20:22, Steffan Karger wrote:
> As kitsune1 mentioned in IRC, this section should explain that
> "--tls-crypt-v2-genkey client" requires the user to supply the server
> key using "--tls-crypt-v2".
> 
> Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>

Makes sense and, after listening to some people getting confused, it is
good to clarify the procedure.


Acked-by: Antonio Quartulli <antonio@openvpn.net>

> ---
>  doc/openvpn.8 | 5 +++++
>  1 file changed, 5 insertions(+)
> 
> diff --git a/doc/openvpn.8 b/doc/openvpn.8
> index 94b5cc4..f38fba9 100644
> --- a/doc/openvpn.8
> +++ b/doc/openvpn.8
> @@ -5314,6 +5314,11 @@ If no metadata is supplied, OpenVPN will use a 64\-bit unix timestamp
>  representing the current time in UTC, encoded in network order, as metadata for
>  the generated key.
>  
> +A tls\-crypt\-v2 client key is wrapped using a server key.  To generate a
> +client key, the user must therefore supply the server key using the
> +.B \-\-tls\-crypt\-v2
> +option.
> +
>  Servers can use
>  .B \-\-tls\-crypt\-v2\-verify
>  to specify a metadata verification command.
>
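
Review bot: The added sentence "To generate a client key, the user must therefore supply the server key" does not name the mode it applies to, while the commit message is specific that it is "--tls-crypt-v2-genkey client" that needs the server key. Naming that form in the man page text would keep a reader who is generating a server key from assuming the requirement applies there as well.
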
Gert Doering Nov. 18, 2018, 2:10 p.m. | #2
Documentation is always welcome :-)

Your patch has been applied to the master branch.

commit 01039891ece9f38f7a17c80e5afc261ab5bcbaf3
Author: Steffan Karger
Date:   Wed Oct 31 11:22:57 2018 +0100

     tls-crypt-v2: clarify --tls-crypt-v2-genkey man page section

     Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
     Acked-by: Antonio Quartulli <antonio@openvpn.net>
     Message-Id: <1540981377-22752-1-git-send-email-steffan.karger@fox-it.com>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg17865.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>


--
kind regards,

Gert Doering

Patch

diff --git a/doc/openvpn.8 b/doc/openvpn.8
index 94b5cc4..f38fba9 100644
--- a/doc/openvpn.8
+++ b/doc/openvpn.8
@@ -5314,6 +5314,11 @@  If no metadata is supplied, OpenVPN will use a 64\-bit unix timestamp
 representing the current time in UTC, encoded in network order, as metadata for
 the generated key.
 
+A tls\-crypt\-v2 client key is wrapped using a server key.  To generate a
+client key, the user must therefore supply the server key using the
+.B \-\-tls\-crypt\-v2
+option.
+
 Servers can use
 .B \-\-tls\-crypt\-v2\-verify
 to specify a metadata verification command.
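
Review bot: Placement of the new paragraph is worth a second look: it lands between "If no metadata is supplied ..." and "Servers can use --tls-crypt-v2-verify to specify a metadata verification command", so it splits two paragraphs that both deal with metadata. Consider moving it ahead of the metadata text, so the server key requirement is read first and the metadata description stays in one piece.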