From: Steffan Karger Date: Wed, 31 Oct 2018 10:22:57 +0000 (+0100) Subject: tls-crypt-v2: clarify --tls-crypt-v2-genkey man page section X-Git-Tag: v2.5_beta1~382 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=01039891ece9f38f7a17c80e5afc261ab5bcbaf3;p=thirdparty%2Fopenvpn.git tls-crypt-v2: clarify --tls-crypt-v2-genkey man page section As kitsune1 mentioned in IRC, this section should explain that "--tls-crypt-v2-genkey client" requires the user to supply the server key using "--tls-crypt-v2". Signed-off-by: Steffan Karger Acked-by: Antonio Quartulli Message-Id: <1540981377-22752-1-git-send-email-steffan.karger@fox-it.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg17865.html Signed-off-by: Gert Doering --- diff --git a/doc/openvpn.8 b/doc/openvpn.8 index 94b5cc4f5..f38fba94f 100644 --- a/doc/openvpn.8 +++ b/doc/openvpn.8 @@ -5314,6 +5314,11 @@ If no metadata is supplied, OpenVPN will use a 64\-bit unix timestamp representing the current time in UTC, encoded in network order, as metadata for the generated key. +A tls\-crypt\-v2 client key is wrapped using a server key. To generate a +client key, the user must therefore supply the server key using the +.B \-\-tls\-crypt\-v2 +option. + Servers can use .B \-\-tls\-crypt\-v2\-verify to specify a metadata verification command.
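Review bot: The added paragraph in the doc/openvpn.8 hunk says the server key must be supplied "using the --tls-crypt-v2 option", but it does not say that the option has to be given in the same invocation as "--tls-crypt-v2-genkey client", which is the form the commit message names. Suggest making that explicit, for example "the user must therefore also pass the server key on the same command line using the \-\-tls\-crypt\-v2 option", so a reader does not assume a key configured elsewhere is picked up. Because the paragraph states that the client key is wrapped using the server key, it would also help to add one sentence noting that client keys can therefore only be generated where the server key is available.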