diff options
| author | Steffan Karger | 2018-10-31 11:22:57 +0100 |
|---|---|---|
| committer | Gert Doering | 2018-11-18 15:09:17 +0100 |
| commit | 01039891ece9f38f7a17c80e5afc261ab5bcbaf3 (patch) | |
| tree | 8fbb00e2ef7e683d15f108e9c80935b038257345 /doc/openvpn.8 | |
| parent | ddd925bf23bc1b43fda93d2757619a1613cec1ba (diff) | |
| download | openvpn-01039891ece9f38f7a17c80e5afc261ab5bcbaf3.zip openvpn-01039891ece9f38f7a17c80e5afc261ab5bcbaf3.tar.gz | |
tls-crypt-v2: clarify --tls-crypt-v2-genkey man page section
As kitsune1 mentioned in IRC, this section should explain that
"--tls-crypt-v2-genkey client" requires the user to supply the server
key using "--tls-crypt-v2".
Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Antonio Quartulli <antonio@openvpn.net>
Message-Id: <1540981377-22752-1-git-send-email-steffan.karger@fox-it.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg17865.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Diffstat (limited to 'doc/openvpn.8')
| -rw-r--r-- | doc/openvpn.8 | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/doc/openvpn.8 b/doc/openvpn.8 index 94b5cc4..f38fba9 100644 --- a/doc/openvpn.8 +++ b/doc/openvpn.8 @@ -5314,6 +5314,11 @@ If no metadata is supplied, OpenVPN will use a 64\-bit unix timestamp representing the current time in UTC, encoded in network order, as metadata for the generated key. +A tls\-crypt\-v2 client key is wrapped using a server key. To generate a +client key, the user must therefore supply the server key using the +.B \-\-tls\-crypt\-v2 +option. + Servers can use .B \-\-tls\-crypt\-v2\-verify to specify a metadata verification command. |