tls-crypt-v2: clarify --tls-crypt-v2-genkey man page section

As kitsune1 mentioned in IRC, this section should explain that
"--tls-crypt-v2-genkey client" requires the user to supply the server
key using "--tls-crypt-v2".

Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Antonio Quartulli <antonio@openvpn.net>
Message-Id: <1540981377-22752-1-git-send-email-steffan.karger@fox-it.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg17865.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>

diff --git a/doc/openvpn.8 b/doc/openvpn.8
index 94b5cc4f565a2651b21136ce4af2e9f30e3324cd..f38fba94f026670dec17a0f54491b659d3fe8f0d 100644 (file)
--- a/doc/openvpn.8
+++ b/doc/openvpn.8
@@ -5314,6 +5314,11 @@ If no metadata is supplied, OpenVPN will use a 64\-bit unix timestamp
 representing the current time in UTC, encoded in network order, as metadata for
 the generated key.
 
+A tls\-crypt\-v2 client key is wrapped using a server key.  To generate a
+client key, the user must therefore supply the server key using the
+.B \-\-tls\-crypt\-v2
+option.
+
 Servers can use
 .B \-\-tls\-crypt\-v2\-verify
 to specify a metadata verification command.