Changes between Version 25 and Version 26 of DeprecatedOptions


Ignore:
Timestamp:
03/16/20 18:33:57 (12 months ago)
Author:
matt.kohner@…
Comment:

fixed grammatical errors

Legend:

Unmodified
Added
Removed
Modified
  • DeprecatedOptions

    v25 v26  
    157157||=Examples: =||`--remote-cert-tls server` ||
    158158|| ||`--remote-cert-tls client` ||
    159 As of OpenSSL v1.1, the nsCertType extension in X.509 certificates are no longer supported.  This extension is old and have been deprecated for a long time.  The replacement option, `---remote-cert-tls` is a macro which sets the `--remote-cert-ku` and `--remote-cert-eku` to appropriate values, depending on it is wanted to check if the remote provided certificate is a server or client certificate.  As the extended key usage extension is far more commonly used today, this is effectively the equivalent of `--ns-cert-type`.  For the time being, if `--ns-cert-type` is used in OpenVPN v2.5 or later, it will currently be re-mapped to `--remote-cert-tls` and complain about a deprecated option being used.
     159As of OpenSSL v1.1, the nsCertType extension in X.509 certificates are no longer supported.  This extension is old and has been deprecated for a long time.  The replacement option, `---remote-cert-tls` is a macro which sets the `--remote-cert-ku` and `--remote-cert-eku` to appropriate values, depending on whether you to check if the remote provided certificate is a server certificate or client certificate.  As the extended key usage extension is far more commonly used today, this is effectively the equivalent of `--ns-cert-type`.  For the time being, if `--ns-cert-type` is used in OpenVPN v2.5 or later, it will currently be re-mapped to `--remote-cert-tls` and complain about a deprecated option being used.
    160160
    161161