Several updates to openvpn.8 (man page updates)

This is a collection of 4 patches sent to the -devel mailing list:
* [PATCH] Frob the openvpn(8) man page tls-verify section to clarify
* [PATCH] More improvments to openvpn(8) --tls-verify
* [PATCH] Yet another tweak of openvpn(8) --tls-verify
* [PATCH] Final frobbing of openvpn(8) --tls-verify

Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Acked-by: David Sommerseth <dazo@users.sourceforge.net>

1 files changed, 13 insertions, 9 deletions

diff --git a/openvpn.8 b/openvpn.8
index 0744d44..f97861e 100644
--- a/openvpn.8
+++ b/openvpn.8
@@ -4260,11 +4260,23 @@ test).
 
 .B cmd
 should return 0 to allow the TLS handshake to proceed, or 1 to fail.
+
+Note that
+.B cmd
+is a command line and as such may (if enclosed in quotes) contain
+whitespace separated arguments.  The first word of
+.B cmd
+is the shell command to execute and the remaining words are its
+arguments.
+When
 .B cmd
-is executed as
+is executed two arguments are appended, as follows:
 
 .B cmd certificate_depth X509_NAME_oneline
 
+These arguments are, respectively, the current certificate depth and
+the X509 common name (cn) of the peer.
+
 This feature is useful if the peer you want to trust has a certificate
 which was signed by a certificate authority who also signed many
 other certificates, where you don't necessarily want to trust all of them,
@@ -4278,14 +4290,6 @@ in the OpenVPN distribution.
 
 See the "Environmental Variables" section below for
 additional parameters passed as environmental variables.
-
-Note that
-.B cmd
-can be a shell command with multiple arguments, in which
-case all OpenVPN-generated arguments will be appended
-to
-.B cmd
-to build a command line which will be passed to the script.
 .\"*********************************************************
 .TP
 .B \-\-tls-export-cert directory