git.ipfire.org Git - thirdparty/openvpn.git/commit

author	Arne Schwabe <arne@rfc2549.org>
	Sun, 21 Mar 2021 14:33:53 +0000 (15:33 +0100)
committer	Gert Doering <gert@greenie.muc.de>
	Sun, 21 Mar 2021 18:45:43 +0000 (19:45 +0100)
commit	c3a7065d5bec0ca4ad479e27c124e74fbd7c2234
tree	08f4093d2ad68b69f9c4ffd4cd4e43b6ea71b5c5	tree
parent	d1fe6d52ca066ec2d49712081d5056825c8973b2	commit \| diff

Implement peer-fingerprint to check fingerprint of peer certificate

This option allows to pin one or more more peer certificates. It also
prepares for doing TLS authentication without a CA and just
self-signed certificates.

Patch V2: Allow peer-fingerprint to be specified multiple times
          to allow multiple peers without needing to use inline
          syntax. (e.g. on command line).

Patch V3: rebase on v3 of 1/4, reword message of verify-hash and
          peer-fingerpring incompatibility

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Antonio Quartulli <antonio@openvpn.net>
Message-Id: <20210321143353.2677-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/search?l=mid&q=20210321143353.2677-1-arne@rfc2549.org
Signed-off-by: Gert Doering <gert@greenie.muc.de>

Changes.rst		diff \| blob \| blame \| history
doc/man-sections/inline-files.rst		diff \| blob \| blame \| history
doc/man-sections/tls-options.rst		diff \| blob \| blame \| history
src/openvpn/init.c		diff \| blob \| blame \| history
src/openvpn/options.c		diff \| blob \| blame \| history
src/openvpn/options.h		diff \| blob \| blame \| history
src/openvpn/ssl_common.h		diff \| blob \| blame \| history
src/openvpn/ssl_verify.c		diff \| blob \| blame \| history