From 6117b639d32095fa761f4773c9eec27e9f70f6f4 Mon Sep 17 00:00:00 2001
From: james <james@e7ae566f-a301-0410-adde-c780ea21d3b5>
Date: Thu, 16 Feb 2006 18:17:32 +0000
Subject: svn merge -r 888:889
 https://svn.openvpn.net/projects/openvpn/contrib/alon/BETA21 21

git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@894 e7ae566f-a301-0410-adde-c780ea21d3b5
---
 openvpn.8 | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

(limited to 'openvpn.8')

diff --git a/openvpn.8 b/openvpn.8
index 8f29469..74f422a 100644
--- a/openvpn.8
+++ b/openvpn.8
@@ -4114,7 +4114,7 @@ Require that peer certificate was signed with an explicit
 .B key usage
 and
 .B extended key usage
-based on TLS rules.
+based on RFC3280 TLS rules.
 
 This is a useful security option for clients, to ensure that
 the host they connect to is a designated server.
@@ -4125,11 +4125,15 @@ option is equivalent to
 .B
 --remote-cert-ku 80 08 88 --remote-cert-eku "TLS Web Client Authentication"
 
+The key usage is digitalSignature and/or keyAgreement.
+
 The
 .B --remote-cert-tls server
 option is equivalent to
 .B
---remote-cert-ku a0 08 --remote-cert-eku "TLS Web Server Authentication"
+--remote-cert-ku a0 88 --remote-cert-eku "TLS Web Server Authentication"
+
+The key usage is digitalSignature and ( keyEncipherment or keyAgreement ).
 
 This is an important security precaution to protect against
 a man-in-the-middle attack where an authorized client
-- 
cgit