Diffstat (limited to 'openvpn.8')
-rw-r--r-- | openvpn.8 | 101 |
1 files changed, 54 insertions, 47 deletions
@@ -205,15 +205,15 @@ openvpn \- secure IP tunnel daemon.
 [\ \fB\-\-ping\-restart\fR\ \fIn\fR\ ]
 [\ \fB\-\-ping\-timer\-rem\fR\ ]
 [\ \fB\-\-ping\fR\ \fIn\fR\ ]
+[\ \fB\-\-pkcs11\-cert\-private\fR\ \fI[0|1]...\fR\ ]
+[\ \fB\-\-pkcs11\-id\fR\ \fIname\fR\ ]
+[\ \fB\-\-pkcs11\-id\-type\fR\ \fItype\fR\ ]
+[\ \fB\-\-pkcs11\-pin\-cache\fR\ \fIseconds\fR\ ]
+[\ \fB\-\-pkcs11\-protected\-authentication\fR\ \fI[0|1]...\fR\ ]
 [\ \fB\-\-pkcs11\-providers\fR\ \fIprovider...\fR\ ]
 [\ \fB\-\-pkcs11\-sign\-mode\fR\ \fImode...\fR\ ]
-[\ \fB\-\-pkcs11\-slot\-type\fR\ \fItype\fR\ ]
 [\ \fB\-\-pkcs11\-slot\fR\ \fIname\fR\ ]
-[\ \fB\-\-pkcs11\-id\-type\fR\ \fItype\fR\ ]
-[\ \fB\-\-pkcs11\-id\fR\ \fIname\fR\ ]
-[\ \fB\-\-pkcs11\-pin\-cache\fR\ \fIseconds\fR\ ]
-[\ \fB\-\-pkcs11\-protected\-authentication\fR\ ]
-[\ \fB\-\-pkcs11\-cert\-private\fR\ ]
+[\ \fB\-\-pkcs11\-slot\-type\fR\ \fItype\fR\ ]
 [\ \fB\-\-pkcs12\fR\ \fIfile\fR\ ]
 [\ \fB\-\-plugin\fR\ \fImodule\-pathname\ init\-string\fR\ ]
 [\ \fB\-\-port\fR\ \fIport\fR\ ]
@@ -257,8 +257,8 @@ openvpn \- secure IP tunnel daemon.
 [\ \fB\-\-show\-ciphers\fR\ ]
 [\ \fB\-\-show\-digests\fR\ ]
 [\ \fB\-\-show\-engines\fR\ ]
-[\ \fB\-\-show\-pkcs11\-slots\fR\ \fIprovider\fR\ ]
 [\ \fB\-\-show\-pkcs11\-objects\fR\ \fIprovider\ slot\fR\ ]
+[\ \fB\-\-show\-pkcs11\-slots\fR\ \fIprovider\fR\ ]
 [\ \fB\-\-show\-net\-up\fR\ ]
 [\ \fB\-\-show\-net\fR\ ]
 [\ \fB\-\-show\-tls\fR\ ]
@@ -3620,6 +3620,39 @@ and .B --key. .\"********************************************************* .TP +.B --pkcs11-cert-private [0|1]... +Set if access to certificate object should be performed after login. +Every provider has its own setting. +.\"********************************************************* +.TP +.B --pkcs11-id name +Specify a name of the object to search for. +.\"********************************************************* +.TP +.B --pkcs11-id-type type +Specify how to locate the correct objects. Type can be one of the following: + +.B 'id' +-- Locate by the id attribte, name should be hex encoded string. +.br +.B 'label' +-- Locate by the label attribute, name should be string. +.br +.B 'subject' +-- Locate by certificate subject attribute, name should be string. +.br +.\"********************************************************* +.TP +.B --pkcs11-pin-cache seconds +Specify how many seconds the PIN can be cached, the default is until the token is removed. +.\"********************************************************* +.TP +.B --pkcs11-protected-authentication [0|1]... +Use PKCS#11 protected authentication path, useful for biometric and external +keypad devices. +Every provider has its own setting. +.\"********************************************************* +.TP .B --pkcs11-providers provider... Specify a RSA Security Inc. PKCS #11 Cryptographic Token Interface (Cryptoki) providers to load. 
@@ -3636,21 +3669,30 @@ for each provider. Mode can be one of the following: .B 'auto' (default) -- Try to determind automatically. .br +.B 'sign' +-- Use Sign. +.br .B 'recover' -- Use SignRecover. .br -.B 'sign' --- Use Sign. +.B 'any' +-- Use Sign and if not supported use SignRecover. .br .\"********************************************************* .TP +.B --pkcs11-slot name +Specify a name of the slot to search for. +.\"********************************************************* +.TP .B --pkcs11-slot-type type Specify how to locate the correct slot. Type can be one of the following: .B 'id' --- Locate the slot by a numeric id. The format is [provider:]id, for example, slot 2 of provider 1 -is encoded as 1:2. If you have only one provider you can omit the provider number. -The provider number is set by the order specified in the --pkcs11-providers option. +-- Locate the slot by a numeric id. The format is [provider:]id, for example, slot 2 of provider a.so +should be encoded as a.so:2. If you have only one provider you can omit the provider name. +The provider name is set by the name specified in the +.B --pkcs11-providers +option. .br .B 'name' -- Locate the slot by its name. 
@@ -3660,41 +3702,6 @@ The provider number is set by the order specified in the --pkcs11-providers opti .br .\"********************************************************* .TP -.B --pkcs11-slot name -Specify a name of the slot to search for. -.\"********************************************************* -.TP -.B --pkcs11-id-type type -Specify how to locate the correct objects. Type can be one of the following: - -.B 'id' --- Locate by the id attribte, name should be hex encoded string. -.br -.B 'label' --- Locate by the label attribute, name should be string. -.br -.B 'subject' --- Locate by certificate subject attribute, name should be string. -.br -.\"********************************************************* -.TP -.B --pkcs11-id name -Specify a name of the object to search for. -.\"********************************************************* -.TP -.B --pkcs11-pin-cache seconds -Specify how many seconds the PIN can be cached, the default is until the token is removed. -.\"********************************************************* -.TP -.B --pkcs11-protected-authentication -Use PKCS#11 protected authentication path, useful for biometric and external -keypad devices. -.\"********************************************************* -.TP -.B --pkcs11-cert-private -Set if access to certificate object should be performed after login. -.\"********************************************************* -.TP .B --cryptoapicert select-string Load the certificate and private key from the Windows Certificate System Store (Windows Only). |