mirror of
https://github.com/OpenVPN/openvpn.git
synced 2025-06-29 23:26:50 +08:00

This option allows pinning one or more peer certificates. It also prepares for doing TLS authentication without a CA and just self-signed certificates.

Patch V2: Allow peer-fingerprint to be specified multiple times to allow multiple peers without needing to use inline syntax. (e.g. on command line).

Patch V3: rebase on v3 of 1/4, reword message of verify-hash and peer-fingerprint incompatibility

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Antonio Quartulli <antonio@openvpn.net>
Message-Id: <20210321143353.2677-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/search?l=mid&q=20210321143353.2677-1-arne@rfc2549.org
Signed-off-by: Gert Doering <gert@greenie.muc.de>
26 lines
826 B
ReStructuredText
INLINE FILE SUPPORT
===================

OpenVPN allows including files in the main configuration for the ``--ca``,
``--cert``, ``--dh``, ``--extra-certs``, ``--key``, ``--pkcs12``,
``--secret``, ``--crl-verify``, ``--http-proxy-user-pass``, ``--tls-auth``,
``--auth-gen-token-secret``, ``--peer-fingerprint``, ``--tls-crypt``,
``--tls-crypt-v2`` and ``--verify-hash`` options.

Each inline file is started by the line ``<option>`` and ended by the line
``</option>``.

Here is an example of inline file usage:

::

    <cert>
    -----BEGIN CERTIFICATE-----
    [...]
    -----END CERTIFICATE-----
    </cert>

When using the inline file feature with ``--pkcs12`` the inline file has
to be base64 encoded. Encoding of a .p12 file into base64 can be done
for example with OpenSSL by running :code:`openssl base64 -in input.p12`.