Opened 5 years ago
Last modified 4 years ago
#1144 assigned Feature Wish
Update man page -> several invocations of tls-verify, one per cert of the chain
| Reported by: | nitomartinez | Owned by: | David Sommerseth |
|---|---|---|---|
| Priority: | minor | Milestone: | |
| Component: | Documentation | Version: | OpenVPN git master branch (Community Ed) |
| Severity: | Not set (select this one, unless your'e a OpenVPN developer) | Keywords: | |
| Cc: |
Description
I have been testing openvpn 2.4.6, with a tls-verify script that checks a certificate.
My surprise was that I was getting the whole chain of certificates. That is:
- CA certificate
- X509 client certificate
If possible would it be possible to update the man page (tls-verify section), to state that the script might get invoked for each certificate in the chain, putting special attention to the depth section.
I foumd it hard to find out how it worked (and got the working from the source code), and I thougt it would be useful to feed this info back.
Change History (2)
comment:1 Changed 5 years ago by
comment:2 Changed 4 years ago by
| Owner: | set to David Sommerseth |
|---|---|
| Status: | new → assigned |
You're at the manpage anyway right now... :-)
Note: See
TracTickets for help on using
tickets.
I thought how this works is fairly clear from the sample script (verify-cn and comments there-in) referred to in the man page. I don't know about other distros but debian installs sample scripts in /usr/share/openvpn.
That said improving the man page and other docs is always a good idea.