[Openvpn-devel] [S] Change in openvpn[master]: Correct documentation for --ns-cert-type
cron2 has uploaded a new patch set (#2) to the change originally created by flichtenheld. ( http://gerrit.openvpn.net/c/openvpn/+/1428?usp=email ) The following approvals got outdated and were removed: Code-Review+2 by cron2 Change subject: Correct documentation for --ns-cert-type .. Correct documentation for --ns-cert-type Our documentation claimed this option was removed. But it was not, for compatiblity reasons. So reflect the correct status. Change-Id: I1d1851eaebe8bf66c92dac3c8c10f68b1ec3ef33 Signed-off-by: Frank Lichtenheld Acked-by: Gert Doering Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1428 Message-Id: <[email protected]> URL: https://www.mail-archive.com/[email protected]/msg34984.html Signed-off-by: Gert Doering --- M doc/man-sections/tls-options.rst M doc/man-sections/unsupported-options.rst 2 files changed, 11 insertions(+), 6 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/28/1428/2 diff --git a/doc/man-sections/tls-options.rst b/doc/man-sections/tls-options.rst index 846dfdd..c4aa810 100644 --- a/doc/man-sections/tls-options.rst +++ b/doc/man-sections/tls-options.rst @@ -222,6 +222,17 @@ ``--cert file`` above). URI is supported only when built with OpenSSL 3.0 or later and any required providers are loaded. (See ``--cert`` for more details). +--ns-cert-type type + **DEPRECATED** The ``--remote-cert-tls`` option should be used instead. + The option is still available since it can't be silently ignored and needs + updates to certificates and configs on both sides of the connection. + However it should not be used for new clients or servers. It depends on the + deprecated ``nsCertType`` certificate field. + + Might not work depending on the TLS library used. + + Will be removed in a future release. + --pkcs12 file Specify a PKCS #12 file containing local private key, local certificate, and root CA certificate. This option can be used instead of ``--ca``, diff --git a/doc/man-sections/unsupported-options.rst b/doc/man-sections/unsupported-options.rst index 6e77333..b646991 100644 --- a/doc/man-sections/unsupported-options.rst +++ b/doc/man-sections/unsupported-options.rst @@ -44,12 +44,6 @@ VPN tunnel security. Previously we claimed to have removed this in OpenVPN 2.5, but this wasn't actually the case. ---ns-cert-type - Removed in OpenVPN 2.5. The ``nsCertType`` field is no longer supported - in recent SSL/TLS libraries. If your certificates does not include *key - usage* and *extended key usage* fields, they must be upgraded and the - ``--remote-cert-tls`` option should be used instead. - --prng Removed in OpenVPN 2.6. We now always use the PRNG of the SSL library. -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1428?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings?usp=email Gerrit-MessageType: newpatchset Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I1d1851eaebe8bf66c92dac3c8c10f68b1ec3ef33 Gerrit-Change-Number: 1428 Gerrit-PatchSet: 2 Gerrit-Owner: flichtenheld Gerrit-Reviewer: cron2 Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel ___ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [S] Change in openvpn[master]: Correct documentation for --ns-cert-type
cron2 has submitted this change. ( http://gerrit.openvpn.net/c/openvpn/+/1428?usp=email ) Change subject: Correct documentation for --ns-cert-type .. Correct documentation for --ns-cert-type Our documentation claimed this option was removed. But it was not, for compatiblity reasons. So reflect the correct status. Change-Id: I1d1851eaebe8bf66c92dac3c8c10f68b1ec3ef33 Signed-off-by: Frank Lichtenheld Acked-by: Gert Doering Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1428 Message-Id: <[email protected]> URL: https://www.mail-archive.com/[email protected]/msg34984.html Signed-off-by: Gert Doering --- M doc/man-sections/tls-options.rst M doc/man-sections/unsupported-options.rst 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/doc/man-sections/tls-options.rst b/doc/man-sections/tls-options.rst index 846dfdd..c4aa810 100644 --- a/doc/man-sections/tls-options.rst +++ b/doc/man-sections/tls-options.rst @@ -222,6 +222,17 @@ ``--cert file`` above). URI is supported only when built with OpenSSL 3.0 or later and any required providers are loaded. (See ``--cert`` for more details). +--ns-cert-type type + **DEPRECATED** The ``--remote-cert-tls`` option should be used instead. + The option is still available since it can't be silently ignored and needs + updates to certificates and configs on both sides of the connection. + However it should not be used for new clients or servers. It depends on the + deprecated ``nsCertType`` certificate field. + + Might not work depending on the TLS library used. + + Will be removed in a future release. + --pkcs12 file Specify a PKCS #12 file containing local private key, local certificate, and root CA certificate. This option can be used instead of ``--ca``, diff --git a/doc/man-sections/unsupported-options.rst b/doc/man-sections/unsupported-options.rst index 6e77333..b646991 100644 --- a/doc/man-sections/unsupported-options.rst +++ b/doc/man-sections/unsupported-options.rst @@ -44,12 +44,6 @@ VPN tunnel security. Previously we claimed to have removed this in OpenVPN 2.5, but this wasn't actually the case. ---ns-cert-type - Removed in OpenVPN 2.5. The ``nsCertType`` field is no longer supported - in recent SSL/TLS libraries. If your certificates does not include *key - usage* and *extended key usage* fields, they must be upgraded and the - ``--remote-cert-tls`` option should be used instead. - --prng Removed in OpenVPN 2.6. We now always use the PRNG of the SSL library. -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1428?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings?usp=email Gerrit-MessageType: merged Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I1d1851eaebe8bf66c92dac3c8c10f68b1ec3ef33 Gerrit-Change-Number: 1428 Gerrit-PatchSet: 2 Gerrit-Owner: flichtenheld Gerrit-Reviewer: cron2 Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel ___ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [S] Change in openvpn[master]: Correct documentation for --ns-cert-type
Attention is currently required from: flichtenheld, plaisthos. cron2 has posted comments on this change by flichtenheld. ( http://gerrit.openvpn.net/c/openvpn/+/1428?usp=email ) Change subject: Correct documentation for --ns-cert-type .. Patch Set 1: Code-Review+2 -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1428?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings?usp=email Gerrit-MessageType: comment Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I1d1851eaebe8bf66c92dac3c8c10f68b1ec3ef33 Gerrit-Change-Number: 1428 Gerrit-PatchSet: 1 Gerrit-Owner: flichtenheld Gerrit-Reviewer: cron2 Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel Gerrit-Attention: plaisthos Gerrit-Attention: flichtenheld Gerrit-Comment-Date: Wed, 10 Dec 2025 08:56:12 + Gerrit-HasComments: No Gerrit-Has-Labels: Yes ___ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [S] Change in openvpn[master]: Correct documentation for --ns-cert-type
Attention is currently required from: plaisthos. Hello plaisthos, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/1428?usp=email to review the following change. Change subject: Correct documentation for --ns-cert-type .. Correct documentation for --ns-cert-type Our documentation claimed this option was removed. But it was not, for compatiblity reasons. So reflect the correct status. Change-Id: I1d1851eaebe8bf66c92dac3c8c10f68b1ec3ef33 Signed-off-by: Frank Lichtenheld --- M doc/man-sections/tls-options.rst M doc/man-sections/unsupported-options.rst 2 files changed, 11 insertions(+), 6 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/28/1428/1 diff --git a/doc/man-sections/tls-options.rst b/doc/man-sections/tls-options.rst index 846dfdd..c4aa810 100644 --- a/doc/man-sections/tls-options.rst +++ b/doc/man-sections/tls-options.rst @@ -222,6 +222,17 @@ ``--cert file`` above). URI is supported only when built with OpenSSL 3.0 or later and any required providers are loaded. (See ``--cert`` for more details). +--ns-cert-type type + **DEPRECATED** The ``--remote-cert-tls`` option should be used instead. + The option is still available since it can't be silently ignored and needs + updates to certificates and configs on both sides of the connection. + However it should not be used for new clients or servers. It depends on the + deprecated ``nsCertType`` certificate field. + + Might not work depending on the TLS library used. + + Will be removed in a future release. + --pkcs12 file Specify a PKCS #12 file containing local private key, local certificate, and root CA certificate. This option can be used instead of ``--ca``, diff --git a/doc/man-sections/unsupported-options.rst b/doc/man-sections/unsupported-options.rst index 6e77333..b646991 100644 --- a/doc/man-sections/unsupported-options.rst +++ b/doc/man-sections/unsupported-options.rst @@ -44,12 +44,6 @@ VPN tunnel security. Previously we claimed to have removed this in OpenVPN 2.5, but this wasn't actually the case. ---ns-cert-type - Removed in OpenVPN 2.5. The ``nsCertType`` field is no longer supported - in recent SSL/TLS libraries. If your certificates does not include *key - usage* and *extended key usage* fields, they must be upgraded and the - ``--remote-cert-tls`` option should be used instead. - --prng Removed in OpenVPN 2.6. We now always use the PRNG of the SSL library. -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1428?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings?usp=email Gerrit-MessageType: newchange Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I1d1851eaebe8bf66c92dac3c8c10f68b1ec3ef33 Gerrit-Change-Number: 1428 Gerrit-PatchSet: 1 Gerrit-Owner: flichtenheld Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel Gerrit-Attention: plaisthos ___ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
