Version 2.4.1
=============
- - ``--remote-cert-ku`` now only requires the certificate to have at least the
- bits set of one of the values in the supplied list, instead of requiring an
- exact match to one of the values in the list.
- - ``--remote-cert-tls`` now only requires that a keyUsage is present in the
- certificate, and leaves the verification of the value up to the crypto
- library, which has more information (i.e. the key exchange method in use)
- to verify that the keyUsage is correct.
- - ``--ns-cert-type`` is deprecated. Use ``--remote-cert-tls`` instead.
- The nsCertType x509 extension is very old, and barely used.
- ``--remote-cert-tls`` uses the far more common keyUsage and extendedKeyUsage
- extension instead. Make sure your certificates carry these to be able to
- use ``--remote-cert-tls``.
+- ``--remote-cert-ku`` now only requires the certificate to have at least the
+ bits set of one of the values in the supplied list, instead of requiring an
+ exact match to one of the values in the list.
+- ``--remote-cert-tls`` now only requires that a keyUsage is present in the
+ certificate, and leaves the verification of the value up to the crypto
+ library, which has more information (i.e. the key exchange method in use)
+ to verify that the keyUsage is correct.
+- ``--ns-cert-type`` is deprecated. Use ``--remote-cert-tls`` instead.
+ The nsCertType x509 extension is very old, and barely used.
+ ``--remote-cert-tls`` uses the far more common keyUsage and extendedKeyUsage
+ extension instead. Make sure your certificates carry these to be able to
+ use ``--remote-cert-tls``.
projects / thirdparty / openvpn.git / commitdiff
