diff options
| author | Arne Schwabe | 2021-03-22 10:16:21 +0100 |
|---|---|---|
| committer | Gert Doering | 2021-03-22 11:25:25 +0100 |
| commit | 5b8a1231b90697774ae1dea98603bbbb9b5d9809 (patch) | |
| tree | 7d1e71aeb52c6491a91868d1127527b4590dd8f1 /doc | |
| parent | 26117a82d70dbd90f2260dd9895620394f040239 (diff) | |
| download | openvpn-5b8a1231b90697774ae1dea98603bbbb9b5d9809.zip openvpn-5b8a1231b90697774ae1dea98603bbbb9b5d9809.tar.gz | |
Deprecate the --verify-hash option
Despite trying to figure out with multiple people what the use case for
this option is, we could not come up with a good one. Checking that only
a specific CA is used can be also done by only using that CA in the --ca
directive.
Although it feels a bit strange to deprecate the option after improving
it with peer-fingerprint patches, all the improvements are needed for
--peer-fingerprint and making them specify to --peer-fingerprint would
have added more (unecessary) changes.
Patch v3: rebased on v3 version of other patches.
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Antonio Quartulli <antonio@openvpn.net>
Message-Id: <20210322091621.7864-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg21779.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/man-sections/tls-options.rst | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/doc/man-sections/tls-options.rst b/doc/man-sections/tls-options.rst index 8f5e37c..00ea063 100644 --- a/doc/man-sections/tls-options.rst +++ b/doc/man-sections/tls-options.rst @@ -564,7 +564,7 @@ certificates and keys: https://github.com/OpenVPN/easy-rsa :code:`1.2`. --verify-hash args - Specify SHA1 or SHA256 fingerprint for level-1 cert. + **DEPRECATED** Specify SHA1 or SHA256 fingerprint for level-1 cert. Valid syntax: :: |