git.ipfire.org Git - thirdparty/openvpn.git/commit

author	Steffan Karger <steffan@karger.me>
	Wed, 22 Oct 2014 22:14:29 +0000 (00:14 +0200)
committer	Gert Doering <gert@greenie.muc.de>
	Sun, 23 Nov 2014 18:29:06 +0000 (19:29 +0100)
commit	b77c27a1d945d740c7e7f6b64b1227d5d9077aa5
tree	bc3c4090c8097ce25a2ed737bca0cf1ab1736c1a	tree \| snapshot
parent	e9b07dc92f0827aa58b8aeef736480ba1fa47e95	commit \| diff

Modernize sample keys and sample configs

I kept most of the certificate properties equal to the old
certs, since some people's test scripts might rely on them (and
it does not require any creativity from my part).

Changes:
* Add script to generate fresh test/sample keys
   (but keep sample keys in git for simple testing)
* Switch from 1024 to 4096 bits RSA CA
* Switch from 1024 to 2048 bits client/server RSA keys
* Switch from 1024 to 2048 bits Diffie-Hellman parameters
* Generate EC client and server cert, but sign with RSA CA
   (lets us test EC <-> RSA interoperability)
* Remove 3DES cipher from 'sample' config
* Add 'remote-cert-tls server' to client config
* Update config files to deprecate nsCertType in favour of the
   keyUsage and extendedKeyUsage extensions.
* Make naming more consistent

Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <54721611.4020103@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/9271
Signed-off-by: Gert Doering <gert@greenie.muc.de>

sample/sample-config-files/client.conf		diff \| blob \| blame \| history
sample/sample-config-files/loopback-client		diff \| blob \| blame \| history
sample/sample-config-files/loopback-server		diff \| blob \| blame \| history
sample/sample-config-files/server.conf		diff \| blob \| blame \| history
sample/sample-config-files/tls-office.conf		diff \| blob \| blame \| history
sample/sample-keys/.gitignore	[new file with mode: 0644]	blob
sample/sample-keys/README		diff \| blob \| blame \| history
sample/sample-keys/ca.crt		diff \| blob \| blame \| history
sample/sample-keys/ca.key		diff \| blob \| blame \| history
sample/sample-keys/client-ec.crt	[new file with mode: 0644]	blob
sample/sample-keys/client-ec.key	[new file with mode: 0644]	blob
sample/sample-keys/client-pass.key	[new file with mode: 0644]	blob
sample/sample-keys/client.crt		diff \| blob \| blame \| history
sample/sample-keys/client.key		diff \| blob \| blame \| history
sample/sample-keys/client.p12	[new file with mode: 0644]	blob
sample/sample-keys/dh1024.pem	[deleted file]	blob \| blame \| history
sample/sample-keys/dh2048.pem	[new file with mode: 0644]	blob
sample/sample-keys/gen-sample-keys.sh	[new file with mode: 0755]	blob
sample/sample-keys/openssl.cnf	[new file with mode: 0644]	blob
sample/sample-keys/pass.crt	[deleted file]	blob \| blame \| history
sample/sample-keys/pass.key	[deleted file]	blob \| blame \| history
sample/sample-keys/pkcs12.p12	[deleted file]	blob \| blame \| history
sample/sample-keys/server-ec.crt	[new file with mode: 0644]	blob
sample/sample-keys/server-ec.key	[new file with mode: 0644]	blob
sample/sample-keys/server.crt		diff \| blob \| blame \| history
sample/sample-keys/server.key		diff \| blob \| blame \| history