159 | | As of OpenSSL v1.1, the nsCertType extension in X.509 certificates are no longer supported. This extension is old and have been deprecated for a long time. The replacement option, `---remote-cert-tls` is a macro which sets the `--remote-cert-ku` and `--remote-cert-eku` to appropriate values, depending on it is wanted to check if the remote provided certificate is a server or client certificate. As the extended key usage extension is far more commonly used today, this is effectively the equivalent of `--ns-cert-type`. For the time being, if `--ns-cert-type` is used in OpenVPN v2.5 or later, it will currently be re-mapped to `--remote-cert-tls` and complain about a deprecated option being used. |
| 159 | As of OpenSSL v1.1, the nsCertType extension in X.509 certificates are no longer supported. This extension is old and has been deprecated for a long time. The replacement option, `---remote-cert-tls` is a macro which sets the `--remote-cert-ku` and `--remote-cert-eku` to appropriate values, depending on whether you to check if the remote provided certificate is a server certificate or client certificate. As the extended key usage extension is far more commonly used today, this is effectively the equivalent of `--ns-cert-type`. For the time being, if `--ns-cert-type` is used in OpenVPN v2.5 or later, it will currently be re-mapped to `--remote-cert-tls` and complain about a deprecated option being used. |