Changes between Version 31 and Version 32 of DeprecatedOptions
- Timestamp:
- 07/16/20 18:37:21 (4 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
DeprecatedOptions
v31 v32 156 156 ||=Status =||Pending removal || 157 157 ||=Deprecated in: =||OpenVPN v2.4 and v2.3.18 || 158 ||=To be removed in: =||'''OpenVPN v2. 5''' ||158 ||=To be removed in: =||'''OpenVPN v2.6 or v2.7''' || 159 159 ||=Affects: =||Client and server || 160 160 ||=Result if used: =||OpenVPN will complain and remap to replacement option|| … … 163 163 || ||`--remote-cert-tls client` || 164 164 As of OpenSSL v1.1, the nsCertType extension in X.509 certificates are no longer supported. This extension is old and has been deprecated for a long time. The replacement option, `--remote-cert-tls` is a macro which sets the `--remote-cert-ku` and `--remote-cert-eku` to appropriate values, depending on whether you to check if the remote provided certificate is a server certificate or client certificate. As the extended key usage extension is far more commonly used today, this is effectively the equivalent of `--ns-cert-type`. For the time being, if `--ns-cert-type` is used in OpenVPN v2.5 or later, it will currently be re-mapped to `--remote-cert-tls` and complain about a deprecated option being used. 165 166 This cannot be turned into a "hard error" for v2.5 due to compatibility issues with OpenVPN AS and commercial upgrade cycles. 165 167 166 168
