Hi, On Sun, Feb 15, 2015 at 10:05:07PM +0100, Arne Schwabe wrote: > Am 24.01.15 um 18:04 schrieb Vasily Kulikov: [..] > > OpenVPN itself gets new 'NEED-CERTIFICATE" command which is called when > > --management-external-cert is used. It is implemented as a multiline > > command very similar to an existing 'RSA-SIGN' command. > > > > The patch is against commit 3341a98c2852d1d0c1eafdc70a3bdb218ec29049. > ACK from me to the OpenVPN part. I also tested the patch in OpenVPN for > Android and the RSA-SIGN still works as expected. I have not reviewed > the OS X contrib program (other than a quick glance at the code) but I > think marking it as contrib it should be allowed to be still included.
I hear Arne, and James also ACKed this ("based on testing", which Arne
did).
I'm not merging it yet, though - Vasily, please provide a v4 of the patch
that adds:
- documentation of --management-external-cert in doc/openvpn.8
- documentation of the new management command and response in
doc/management-notes.txt
- fix the typos in the options here (please fix the other one, too):
@@ -2221,6 +2230,8 @@ options_postprocess_verify_ce (const struct options *optio
ns, const struct conne
#ifdef MANAGMENT_EXTERNAL_KEY
if (options->management_flags & MF_EXTERNAL_KEY)
msg(M_USAGE, "Parameter --external-management-key cannot be used whe
n --pkcs12 is also specified.");
+ if (options->management_flags & MF_EXTERNAL_CERT)
+ msg(M_USAGE, "Parameter --external-management-cert cannot be used wh
en --pkcs12 is also specified.");
#endif
#endif
}
... it's "--management-external-*", not "--external-management-*".
With that, I'll merge right away :-)
thanks,
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
pgp1k4t7kJD0_.pgp
Description: PGP signature
