aboutsummaryrefslogtreecommitdiff
path: root/management
diff options
context:
space:
mode:
Diffstat (limited to 'management')
-rw-r--r--management/management-notes.txt53
1 files changed, 49 insertions, 4 deletions
diff --git a/management/management-notes.txt b/management/management-notes.txt
index dcbc7ce..73f82a5 100644
--- a/management/management-notes.txt
+++ b/management/management-notes.txt
@@ -382,7 +382,7 @@ Command examples:
Query for new input and retry.
COMMAND -- needok (OpenVPN 2.1 or higher)
---------------------------------------
+------------------------------------------
Confirm a ">NEED-OK" real-time notification, normally used by
OpenVPN to block while waiting for a specific user action.
@@ -403,6 +403,47 @@ Example:
or
needok token-insertion-request cancel
+COMMAND -- needstr (OpenVPN 2.1 or higher)
+-------------------------------------------
+
+Confirm a ">NEED-STR" real-time notification, normally used by
+OpenVPN to block while waiting for a specific user input.
+
+Example:
+
+ OpenVPN needs the user to specify some input, so it sends a
+ real-time notification:
+
+ >NEED-STR:Need 'name' input MSG:Please specify your name
+
+ The management client, if it is a GUI, can flash a dialog
+ box containing the text after the "MSG:" marker to the user.
+ When the user acknowledges the dialog box,
+ the management client can issue this command:
+
+ needstr name "John"
+
+COMMAND -- pkcs11-id-count (OpenVPN 2.1 or higher)
+---------------------------------------------------
+
+Retrieve available number of certificates.
+
+Example:
+
+ pkcs11-id-count
+ >PKCS11ID-COUNT:5
+
+COMMAND -- pkcs11-id-get (OpenVPN 2.1 or higher)
+-------------------------------------------------
+
+Retrieve certificate by index, the ID string should be provided
+as PKCS#11 identity, the blob is BASE64 encoded certificate.
+
+Example:
+
+ pkcs11-id-get 1
+ PKCS11ID-ENTRY:'1', ID:'<snip>', BLOB:'<snip>'
+
OUTPUT FORMAT
-------------
@@ -445,6 +486,10 @@ NEED-OK -- OpenVPN needs the end user to do something, such as
insert a cryptographic token. The "needok" command can
be used to tell OpenVPN to continue.
+NEED-STR -- OpenVPN needs information from end, such as
+ a certificate to use. The "needstr" command can
+ be used to tell OpenVPN to continue.
+
PASSWORD -- Used to tell the management client that OpenVPN
needs a password, also to indicate password
verification failure.
@@ -460,11 +505,11 @@ as is used by the OpenVPN config file parser.
Whitespace is a parameter separator.
-Double quotation characters ("") can be used to enclose
-parameters containing whitespace.
+Double quotation or single quotation characters ("", '') can be used
+to enclose parameters containing whitespace.
Backslash-based shell escaping is performed, using the following
-mappings:
+mappings, when not in single quotations:
\\ Maps to a single backslash character (\).
\" Pass a literal doublequote character ("), don't