aboutsummaryrefslogtreecommitdiff
path: root/openvpn.8
diff options
context:
space:
mode:
authorKarl O. Pinc <kop@mofo.meme.com>2010-03-02 21:41:06 +0100
committerDavid Sommerseth <dazo@users.sourceforge.net>2010-10-21 21:11:46 +0200
commitd04b8582a8d9cda4e886019c81f24712663e97b4 (patch)
tree7a45783facacd361d2c0852592678711e2e3dbf9 /openvpn.8
parentenhance tls-verify possibility (diff)
downloadopenvpn-d04b8582a8d9cda4e886019c81f24712663e97b4.tar.xz
Several updates to openvpn.8 (man page updates)
This is a collection of 4 patches sent to the -devel mailing list: * [PATCH] Frob the openvpn(8) man page tls-verify section to clarify * [PATCH] More improvments to openvpn(8) --tls-verify * [PATCH] Yet another tweak of openvpn(8) --tls-verify * [PATCH] Final frobbing of openvpn(8) --tls-verify Signed-off-by: David Sommerseth <dazo@users.sourceforge.net> Acked-by: David Sommerseth <dazo@users.sourceforge.net>
Diffstat (limited to '')
-rw-r--r--openvpn.822
1 files changed, 13 insertions, 9 deletions
diff --git a/openvpn.8 b/openvpn.8
index 0744d44..f97861e 100644
--- a/openvpn.8
+++ b/openvpn.8
@@ -4260,11 +4260,23 @@ test).
.B cmd
should return 0 to allow the TLS handshake to proceed, or 1 to fail.
+
+Note that
+.B cmd
+is a command line and as such may (if enclosed in quotes) contain
+whitespace separated arguments. The first word of
+.B cmd
+is the shell command to execute and the remaining words are its
+arguments.
+When
.B cmd
-is executed as
+is executed two arguments are appended, as follows:
.B cmd certificate_depth X509_NAME_oneline
+These arguments are, respectively, the current certificate depth and
+the X509 common name (cn) of the peer.
+
This feature is useful if the peer you want to trust has a certificate
which was signed by a certificate authority who also signed many
other certificates, where you don't necessarily want to trust all of them,
@@ -4278,14 +4290,6 @@ in the OpenVPN distribution.
See the "Environmental Variables" section below for
additional parameters passed as environmental variables.
-
-Note that
-.B cmd
-can be a shell command with multiple arguments, in which
-case all OpenVPN-generated arguments will be appended
-to
-.B cmd
-to build a command line which will be passed to the script.
.\"*********************************************************
.TP
.B \-\-tls-export-cert directory