Opened 15 months ago

Last modified 3 months ago

#1144 assigned Feature Wish

Update man page -> several invocations of tls-verify, one per cert of the chain

Reported by: nitomartinez Owned by: David Sommerseth
Priority: minor Milestone:
Component: Documentation Version: OpenVPN git master branch (Community Ed)
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords:
Cc:

Description

I have been testing openvpn 2.4.6, with a tls-verify script that checks a certificate.

My surprise was that I was getting the whole chain of certificates. That is:

  • CA certificate
  • X509 client certificate

If possible would it be possible to update the man page (tls-verify section), to state that the script might get invoked for each certificate in the chain, putting special attention to the depth section.

I foumd it hard to find out how it worked (and got the working from the source code), and I thougt it would be useful to feed this info back.

Change History (2)

comment:1 Changed 15 months ago by selvanair

I thought how this works is fairly clear from the sample script (verify-cn and comments there-in) referred to in the man page. I don't know about other distros but debian installs sample scripts in /usr/share/openvpn.

That said improving the man page and other docs is always a good idea.

comment:2 Changed 3 months ago by Gert Döring

Owner: set to David Sommerseth
Status: newassigned

You're at the manpage anyway right now... :-)

Note: See TracTickets for help on using tickets.