Hi, On Sun, Feb 15, 2015 at 10:05:07PM +0100, Arne Schwabe wrote: > Am 24.01.15 um 18:04 schrieb Vasily Kulikov: [..] > > OpenVPN itself gets new 'NEED-CERTIFICATE" command which is called when > > --management-external-cert is used. It is implemented as a multiline > > command very similar to an existing 'RSA-SIGN' command. > > > > The patch is against commit 3341a98c2852d1d0c1eafdc70a3bdb218ec29049. > ACK from me to the OpenVPN part. I also tested the patch in OpenVPN for > Android and the RSA-SIGN still works as expected. I have not reviewed > the OS X contrib program (other than a quick glance at the code) but I > think marking it as contrib it should be allowed to be still included.
I hear Arne, and James also ACKed this ("based on testing", which Arne did). I'm not merging it yet, though - Vasily, please provide a v4 of the patch that adds: - documentation of --management-external-cert in doc/openvpn.8 - documentation of the new management command and response in doc/management-notes.txt - fix the typos in the options here (please fix the other one, too): @@ -2221,6 +2230,8 @@ options_postprocess_verify_ce (const struct options *optio ns, const struct conne #ifdef MANAGMENT_EXTERNAL_KEY if (options->management_flags & MF_EXTERNAL_KEY) msg(M_USAGE, "Parameter --external-management-key cannot be used whe n --pkcs12 is also specified."); + if (options->management_flags & MF_EXTERNAL_CERT) + msg(M_USAGE, "Parameter --external-management-cert cannot be used wh en --pkcs12 is also specified."); #endif #endif } ... it's "--management-external-*", not "--external-management-*". With that, I'll merge right away :-) thanks, gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
pgp1k4t7kJD0_.pgp
Description: PGP signature