git.ipfire.org Git - thirdparty/openvpn.git/commit

author	David Sommerseth <davids@openvpn.net>
	Tue, 15 Nov 2016 13:40:56 +0000 (14:40 +0100)
committer	Gert Doering <gert@greenie.muc.de>
	Wed, 16 Nov 2016 20:19:23 +0000 (21:19 +0100)
commit	10ce637066f44e8ad9f4af000b8d0c2a4012236d
tree	eb86403a4d2fff61830288b202d8482248496d5e	tree
parent	3b185161de1254af746494007b7e81d17f632d4b	commit \| diff

options: Remove --tls-remote

In OpenVPN 2.3 --tls-remote got deprecated in favour of --verify-x509-name.
The new option solves the same task as --tls-remote but in a more flexible
and improved way.  This new option was introduced in commit 9f0fc745664fd0
(release/2.3: f6e12862cefd054eb1).  Removing --tls-remote will only require
a minor configuration file change.

The removal of this option has been documented in the man pages since the
release of OpenVPN v2.3, where also the deprecation of --compat-names and
--no-name-remapping was included.  However, those two will first be removed
in OpenVPN v2.5.

The reason not to remove --compat-names and --no-name-remapping now is that
such a change will require TLS verification scripts and plug-ins to be
updated to support the new X.509 subject formatting; which
--verify-x509-name already uses.

Signed-off-by: David Sommerseth <davids@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1479217256-21298-1-git-send-email-davids@openvpn.net>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13070.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>

Changes.rst		diff \| blob \| blame \| history
doc/openvpn.8		diff \| blob \| blame \| history
src/openvpn/options.c		diff \| blob \| blame \| history
src/openvpn/ssl_verify.h		diff \| blob \| blame \| history