From d04b8582a8d9cda4e886019c81f24712663e97b4 Mon Sep 17 00:00:00 2001 From: "Karl O. Pinc" Date: Tue, 2 Mar 2010 21:41:06 +0100 Subject: Several updates to openvpn.8 (man page updates) This is a collection of 4 patches sent to the -devel mailing list: * [PATCH] Frob the openvpn(8) man page tls-verify section to clarify * [PATCH] More improvments to openvpn(8) --tls-verify * [PATCH] Yet another tweak of openvpn(8) --tls-verify * [PATCH] Final frobbing of openvpn(8) --tls-verify Signed-off-by: David Sommerseth Acked-by: David Sommerseth --- openvpn.8 | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) (limited to 'openvpn.8') diff --git a/openvpn.8 b/openvpn.8 index 0744d44..f97861e 100644 --- a/openvpn.8 +++ b/openvpn.8 @@ -4260,11 +4260,23 @@ test). .B cmd should return 0 to allow the TLS handshake to proceed, or 1 to fail. + +Note that +.B cmd +is a command line and as such may (if enclosed in quotes) contain +whitespace separated arguments. The first word of +.B cmd +is the shell command to execute and the remaining words are its +arguments. +When .B cmd -is executed as +is executed two arguments are appended, as follows: .B cmd certificate_depth X509_NAME_oneline +These arguments are, respectively, the current certificate depth and +the X509 common name (cn) of the peer. + This feature is useful if the peer you want to trust has a certificate which was signed by a certificate authority who also signed many other certificates, where you don't necessarily want to trust all of them, @@ -4278,14 +4290,6 @@ in the OpenVPN distribution. See the "Environmental Variables" section below for additional parameters passed as environmental variables. - -Note that -.B cmd -can be a shell command with multiple arguments, in which -case all OpenVPN-generated arguments will be appended -to -.B cmd -to build a command line which will be passed to the script. .\"********************************************************* .TP .B \-\-tls-export-cert directory -- cgit