Hi, On 31/10/2018 20:22, Steffan Karger wrote: > As kitsune1 mentioned in IRC, this section should explain that > "--tls-crypt-v2-genkey client" requires the user to supply the server > key using "--tls-crypt-v2". > > Signed-off-by: Steffan Karger <steffan.kar...@fox-it.com>
Makes sense and, after listening to some people getting confused, it is good to clarify the procedure. Acked-by: Antonio Quartulli <anto...@openvpn.net> > --- > doc/openvpn.8 | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/doc/openvpn.8 b/doc/openvpn.8 > index 94b5cc4..f38fba9 100644 > --- a/doc/openvpn.8 > +++ b/doc/openvpn.8 > @@ -5314,6 +5314,11 @@ If no metadata is supplied, OpenVPN will use a 64\-bit > unix timestamp > representing the current time in UTC, encoded in network order, as metadata > for > the generated key. > > +A tls\-crypt\-v2 client key is wrapped using a server key. To generate a > +client key, the user must therefore supply the server key using the > +.B \-\-tls\-crypt\-v2 > +option. > + > Servers can use > .B \-\-tls\-crypt\-v2\-verify > to specify a metadata verification command. > -- Antonio Quartulli
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
