git.ipfire.org Git - thirdparty/openvpn.git/commit

author	Steffan Karger <steffan@karger.me>
	Tue, 8 Aug 2017 20:00:47 +0000 (22:00 +0200)
committer	David Sommerseth <davids@openvpn.net>
	Tue, 15 Aug 2017 11:37:32 +0000 (13:37 +0200)
commit	49e12a39abdecb4c63ea0e577f9abc18e0eda082
tree	051a248e17cb23e0480c6cd5e623910b8fa18909	tree \| snapshot
parent	ca870b1396a173bbb9752bbe2e69f25fa2c094af	commit \| diff

Deprecate --ns-cert-type

This is a manual cherry-pick of commit 2dc33226 of the master branch,
for the release/2.3 branch.

The nsCertType x509 extension is very old, and barely used. We already
have had an alternative for a long time: --remote-cert-tls uses the far
more common keyUsage and extendedKeyUsage extensions instead.

OpenSSL 1.1 no longer exposes an API to (separately) check the nsCertType
x509 extension. Since we want be able to migrate to OpenSSL 1.1, we
should deprecate this option immediately.

Trac: #876

Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: David Sommerseth <davids@openvpn.net>
Message-Id: <1502222447-8186-1-git-send-email-steffan@karger.me>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15180.html
Signed-off-by: David Sommerseth <davids@openvpn.net>

Changes.rst		diff \| blob \| blame \| history
doc/openvpn.8		diff \| blob \| blame \| history
src/openvpn/init.c		diff \| blob \| blame \| history
src/openvpn/options.c		diff \| blob \| blame \| history
tests/t_client.rc-sample		diff \| blob \| blame \| history