git.ipfire.org Git - people/pmueller/ipfire-2.x.git/commit

author	Erik Kapfer <erik.kapfer@ipfire.org>
	Fri, 6 Oct 2017 13:14:48 +0000 (15:14 +0200)
committer	Michael Tremer <michael.tremer@ipfire.org>
	Wed, 11 Oct 2017 10:55:16 +0000 (11:55 +0100)
commit	b66b02ab73863bcb9130300d8ef0eecdc51efde3
tree	29890d9317700da2ad85b19414b1047c79974c82	tree \| snapshot
parent	b0b4d09c56774e84938109963a32916716e96f85	commit \| diff

OpenVPN: Fix for '--ns-cert-type server is deprecated' .

- Added extended key usage based on RFC3280 TLS rules for OpenVPNs OpenSSL configuration,
so '--remote-cert-tls' can be used instead of the old and deprecated '--ns-cert-type'
if the host certificate are newely generated with this options.
Nevertheless both directives (old and new) will work also with old CAs.

- Automatic detection if the host certificate uses the new options.
If it does, '--remote-cert-tls server' will be automatically set into the client
configuration files for Net-to-Net and Roadwarriors connections.

If it does NOT, the old '--ns-cert-type server' directive will be set in the client
configuration file.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

config/ovpn/openssl/ovpn.cnf		diff \| blob \| blame \| history
html/cgi-bin/ovpnmain.cgi		diff \| blob \| blame \| history