Old expiration was October 2024, less than a year away.
Give everyone the chance to get the new keys before tests
start failing.
Change-Id: Ie264ec1ec61fd71e8cc87987be3e2adc2735c201
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Message-Id: <20231121110430.16893-1-frank@lichtenheld.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg27530.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
We have no real test rig for "inline" key material (key, cert, ca,
tls-auth, tls-crypt*) yet. This change adds the "sample" key set
as inline config to the "loopback-client" config, while keeping
file-based configs for "loopback-server" - that way, testing both
methods of loading keys etc. in one go.
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Antonio Quartulli <antonio@openvpn.net>
Message-Id: <20200513141147.17171-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg19883.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Since these are examples, people might use them as a basis for their own
configs. In the non-push/pull configs, we should specify a decent cipher.
Further, I don't think we should recommend anyone to still use a static key
configuration, so remove the static key config examples.
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20191109174235.20511-1-steffan@karger.me>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg19081.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
For two reasons:
1) May motivate people to use tls-auth in their setups
2) Verify tls-auth functionality when running 'make check'
Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1424614268-5078-1-git-send-email-steffan.karger@fox-it.com>
URL: http://article.gmane.org/gmane.network.openvpn.devel/9467
Signed-off-by: Gert Doering <gert@greenie.muc.de>
I kept most of the certificate properties equal to the old
certs, since some people's test scripts might rely on them (and
it does not require any creativity from my part).
Changes:
* Add script to generate fresh test/sample keys
(but keep sample keys in git for simple testing)
* Switch from 1024 to 4096 bits RSA CA
* Switch from 1024 to 2048 bits client/server RSA keys
* Switch from 1024 to 2048 bits Diffie-Hellman parameters
* Generate EC client and server cert, but sign with RSA CA
(lets us test EC <-> RSA interoperability)
* Remove 3DES cipher from 'sample' config
* Add 'remote-cert-tls server' to client config
* Update config files to deprecate nsCertType in favour of the
keyUsage and extendedKeyUsage extensions.
* Make naming more consistent
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Samuli Seppänen <samuli@openvpn.net>
Message-Id: <CAA1AbxKZr_E6Wk9GBbB3xpLyJzyBxSa1k21UDXnC90d8refUzw@mail.gmail.com>
URL: http://article.gmane.org/gmane.network.openvpn.devel/9226
Signed-off-by: Gert Doering <gert@greenie.muc.de>
