Changes between Version 26 and Version 27 of DeprecatedOptions


Ignore:
Timestamp:
03/17/20 22:52:14 (3 months ago)
Author:
Pippin
Comment:

Corrected --remote-cert-tls

Legend:

Unmodified
Added
Removed
Modified
  • DeprecatedOptions

    v26 v27  
    157157||=Examples: =||`--remote-cert-tls server` ||
    158158|| ||`--remote-cert-tls client` ||
    159 As of OpenSSL v1.1, the nsCertType extension in X.509 certificates are no longer supported.  This extension is old and has been deprecated for a long time.  The replacement option, `---remote-cert-tls` is a macro which sets the `--remote-cert-ku` and `--remote-cert-eku` to appropriate values, depending on whether you to check if the remote provided certificate is a server certificate or client certificate.  As the extended key usage extension is far more commonly used today, this is effectively the equivalent of `--ns-cert-type`.  For the time being, if `--ns-cert-type` is used in OpenVPN v2.5 or later, it will currently be re-mapped to `--remote-cert-tls` and complain about a deprecated option being used.
     159As of OpenSSL v1.1, the nsCertType extension in X.509 certificates are no longer supported.  This extension is old and has been deprecated for a long time.  The replacement option, `--remote-cert-tls` is a macro which sets the `--remote-cert-ku` and `--remote-cert-eku` to appropriate values, depending on whether you to check if the remote provided certificate is a server certificate or client certificate.  As the extended key usage extension is far more commonly used today, this is effectively the equivalent of `--ns-cert-type`.  For the time being, if `--ns-cert-type` is used in OpenVPN v2.5 or later, it will currently be re-mapped to `--remote-cert-tls` and complain about a deprecated option being used.
    160160
    161161