Re: [Openvpn-devel] [PATCH] Document the inlining of files in openvpn and document key-direction

[David Sommerseth]

On 23/08/12 23:21, Arne Schwabe wrote:
> This patch documents the usage of inline files in OpenVPN. Hackish ways of 
> inline files are deliberately left out. For tls-auth and
> secret the key-direction option is right way of specifying the direction and 
> not by using two tls-auth/secret lines where the first sets the direction and 
> has a dummy file name and the second sets the inline file data but does not 
> reset the direction parameter.
> 
> Also pkcs12 [[INLINE]] base64encoded_data works but is a quirk of how the 
> config parser works
> 
> Signed-off-by: Arne Schwabe 
> ---
>  doc/openvpn.8 |   39 +++
>  1 file changed, 39 insertions(+)

Applied to master.

commit 0979ec7e9109da95ad56e9365a89701fee11c72c
Author: Arne Schwabe 
List-Post: openvpn-devel@lists.sourceforge.net
Date:   Thu Aug 23 23:21:00 2012 +0200

Document the inlining of files in openvpn and document key-direction

Signed-off-by: Arne Schwabe 
Acked-by: Gert Doering 
Message-Id: 1345756860-2044-1-git-send-email-a...@rfc2549.org
URL: http://article.gmane.org/gmane.network.openvpn.devel/7006
Signed-off-by: David Sommerseth 


kind regards,

David Sommerseth



signature.asc
Description: OpenPGP digital signature

Re: [Openvpn-devel] [PATCH] Document the inlining of files in openvpn and document key-direction

[Gert Doering]

Hi,

On Thu, Aug 23, 2012 at 11:21:00PM +0200, Arne Schwabe wrote:
> This patch documents the usage of inline files in OpenVPN. Hackish ways of 
> inline files are deliberately left out. For tls-auth and

ACK.

(This is far too useful to be left undocumented :-) )

gert

-- 
USENET is *not* the non-clickable part of WWW!
   //www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de


pgpyS4aOHddz7.pgp
Description: PGP signature

[Openvpn-devel] [PATCH] Document the inlining of files in openvpn and document key-direction

[Arne Schwabe]

This patch documents the usage of inline files in OpenVPN. Hackish ways of 
inline files are deliberately left out. For tls-auth and
secret the key-direction option is right way of specifying the direction and 
not by using two tls-auth/secret lines where the first sets the direction and 
has a dummy file name and the second sets the inline file data but does not 
reset the direction parameter.

Also pkcs12 [[INLINE]] base64encoded_data works but is a quirk of how the 
config parser works

Signed-off-by: Arne Schwabe 
---
 doc/openvpn.8 |   39 +++
 1 file changed, 39 insertions(+)

diff --git a/doc/openvpn.8 b/doc/openvpn.8
index a821b5e..49348e4 100644
--- a/doc/openvpn.8
+++ b/doc/openvpn.8
@@ -3615,6 +3615,14 @@ would see nothing
 but random-looking data.
 .\"*
 .TP
+.B \-\-key-direction
+Alternative way of specifying the optional direction parameter for the
+.B \-\-tls-auth
+and
+.B \-\-secret
+options. Useful when using inline files (See section on inline files).
+.\"*
+.TP
 .B \-\-auth alg
 Authenticate packets with HMAC using message
 digest algorithm
@@ -5895,6 +5903,37 @@ X509_1_C=KG
 .ft
 .fi
 .\"*
+.SH INLINE FILE SUPPORT
+OpenVPN allows including files in the main configuration for the 
+.B \-\-ca, \-\-cert, \-\-dh, \-\-extra-certs, \-\-key, \-\-pkcs12, \-\-secret
+and
+.B \-\-tls-auth 
+options. 
+
+Each inline file started by the line 
+.B 
+and ended by the line
+.B 
+
+Here is an example of an inline file usage
+
+.nf
+.ft 3
+.in +4
+
+-BEGIN CERTIFICATE-
+[...]
+-END CERTIFICATE-
+
+.in -4
+.ft
+.fi
+
+When using the inline file feature with 
+.B \-\-pkcs12 
+the inline file has to be base64 encoded. Encoding of a .p12 file into base64 
can be done for example with OpenSSL by running
+.B openssl base64 -in input.p12 
+
 .SH SIGNALS
 .TP
 .B SIGHUP
-- 
1.7.9.5