git.ipfire.org Git - thirdparty/openvpn.git/commit - doc/man-sections/tls-options.rst

author	Arne Schwabe <arne@rfc2549.org>
	Mon, 22 Mar 2021 09:16:21 +0000 (10:16 +0100)
committer	Gert Doering <gert@greenie.muc.de>
	Mon, 22 Mar 2021 10:25:25 +0000 (11:25 +0100)
commit	5b8a1231b90697774ae1dea98603bbbb9b5d9809
tree	7d1e71aeb52c6491a91868d1127527b4590dd8f1	tree \| snapshot
parent	26117a82d70dbd90f2260dd9895620394f040239	commit \| diff

Deprecate the --verify-hash option

Despite trying to figure out with multiple people what the use case for
this option is, we could not come up with a good one. Checking that only
a specific CA is used can be also done by only using that CA in the --ca
directive.

Although it feels a bit strange to deprecate the option after improving
it with peer-fingerprint patches, all the improvements are needed for
--peer-fingerprint and making them specify to --peer-fingerprint would
have added more (unecessary) changes.

Patch v3: rebased on v3 version of other patches.

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Antonio Quartulli <antonio@openvpn.net>
Message-Id: <20210322091621.7864-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg21779.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>

Changes.rst		diff \| blob \| blame \| history
doc/man-sections/tls-options.rst		diff \| blob \| blame \| history
src/openvpn/options.c		diff \| blob \| blame \| history