Re: [Openvpn-devel] [PATCH] Document the inlining of files in openvpn and document key-direction
On 23/08/12 23:21, Arne Schwabe wrote:
> This patch documents the usage of inline files in OpenVPN. Hackish ways of
> inline files are deliberately left out. For tls-auth and
> secret the key-direction option is right way of specifying the direction and
> not by using two tls-auth/secret lines where the first sets the direction and
> has a dummy file name and the second sets the inline file data but does not
> reset the direction parameter.
>
> Also pkcs12 [[INLINE]] base64encoded_data works but is a quirk of how the
> config parser works
>
> Signed-off-by: Arne Schwabe
> ---
> doc/openvpn.8 | 39 +++
> 1 file changed, 39 insertions(+)

Applied to master.

commit 0979ec7e9109da95ad56e9365a89701fee11c72c
Author: Arne Schwabe
Date: Thu Aug 23 23:21:00 2012 +0200

    Document the inlining of files in openvpn and document key-direction

    Signed-off-by: Arne Schwabe
    Acked-by: Gert Doering
    Message-Id: 1345756860-2044-1-git-send-email-a...@rfc2549.org
    URL: http://article.gmane.org/gmane.network.openvpn.devel/7006
    Signed-off-by: David Sommerseth

kind regards,

David Sommerseth
Re: [Openvpn-devel] [PATCH] Document the inlining of files in openvpn and document key-direction
Hi,

On Thu, Aug 23, 2012 at 11:21:00PM +0200, Arne Schwabe wrote:
> This patch documents the usage of inline files in OpenVPN. Hackish ways of
> inline files are deliberately left out. For tls-auth and

ACK. (This is far too useful to be left undocumented :-) )

gert
-- 
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
[Openvpn-devel] [PATCH] Document the inlining of files in openvpn and document key-direction
This patch documents the usage of inline files in OpenVPN. Hackish ways of inline files are deliberately left out. For tls-auth and secret the key-direction option is right way of specifying the direction and not by using two tls-auth/secret lines where the first sets the direction and has a dummy file name and the second sets the inline file data but does not reset the direction parameter. Also pkcs12 [[INLINE]] base64encoded_data works but is a quirk of how the config parser works Signed-off-by: Arne Schwabe--- doc/openvpn.8 | 39 +++ 1 file changed, 39 insertions(+) diff --git a/doc/openvpn.8 b/doc/openvpn.8 index a821b5e..49348e4 100644 --- a/doc/openvpn.8 +++ b/doc/openvpn.8 @@ -3615,6 +3615,14 @@ would see nothing but random-looking data. .\"* .TP +.B \-\-key-direction +Alternative way of specifying the optional direction parameter for the +.B \-\-tls-auth +and +.B \-\-secret +options. Useful when using inline files (See section on inline files). +.\"* +.TP .B \-\-auth alg Authenticate packets with HMAC using message digest algorithm @@ -5895,6 +5903,37 @@ X509_1_C=KG .ft .fi .\"* +.SH INLINE FILE SUPPORT +OpenVPN allows including files in the main configuration for the +.B \-\-ca, \-\-cert, \-\-dh, \-\-extra-certs, \-\-key, \-\-pkcs12, \-\-secret +and +.B \-\-tls-auth +options. + +Each inline file started by the line +.B +and ended by the line +.B + +Here is an example of an inline file usage + +.nf +.ft 3 +.in +4 + +-BEGIN CERTIFICATE- +[...] +-END CERTIFICATE- + +.in -4 +.ft +.fi + +When using the inline file feature with +.B \-\-pkcs12 +the inline file has to be base64 encoded. Encoding of a .p12 file into base64 can be done for example with OpenSSL by running +.B openssl base64 -in input.p12 + .SH SIGNALS .TP .B SIGHUP -- 1.7.9.5
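Review bot: the new ".B \-\-key-direction" entry in the first hunk (@@ -3615) shows no argument, and its text does not say which values the direction takes or how the two peers' values must relate. Someone moving from "tls-auth file direction" to an inline key gets no guidance on what to write after the option name. Suggest putting the argument on the .B line and either listing the accepted values here or naming the entry where the direction parameter is described, in addition to the existing pointer to the inline files section.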
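Review bot: in the second hunk (@@ -5895), "Each inline file started by the line" is missing its verb, and as the patch appears here both ".B" lines that follow carry no argument and the example shows only the certificate body, so the start and end delimiter lines the section is about never appear. Suggest "Each inline file is started by the line ... and ended by the line ..." with the literal delimiters on the .B lines and around the example, and "Here is an example of inline file usage". The section should also state that inline \-\-tls-auth and \-\-secret take their direction from \-\-key-direction; the commit message says so, but the added text does not. Since the list of inlinable options includes \-\-key, \-\-pkcs12, \-\-secret and \-\-tls-auth, a sentence noting that the configuration file then holds private key material and needs correspondingly restrictive permissions would fit here as well.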