From: Steffan Karger Date: Fri, 5 May 2017 20:14:46 +0000 (+0200) Subject: Fix Changes.rst layout X-Git-Tag: v2.4.2~13 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=de7eccea0d6cc70726f89ae30f8f8b7b5775c6a4;p=thirdparty%2Fopenvpn.git Fix Changes.rst layout The extra space before each line made the 2.4.1 section stand out from the other sections. Signed-off-by: Steffan Karger Acked-by: David Sommerseth Message-Id: <1494015286-20368-1-git-send-email-steffan.karger@fox-it.com> URL: http://www.mail-archive.com/search?l=mid&q=1494015286-20368-1-git-send-email-steffan.karger@fox-it.com Signed-off-by: David Sommerseth (cherry picked from commit 7ad917760136807298c39d9260ff6bb074db03a4) --- diff --git a/Changes.rst b/Changes.rst index 2a94990e5..c1583b396 100644 --- a/Changes.rst +++ b/Changes.rst @@ -306,15 +306,15 @@ Maintainer-visible changes Version 2.4.1 ============= - - ``--remote-cert-ku`` now only requires the certificate to have at least the - bits set of one of the values in the supplied list, instead of requiring an - exact match to one of the values in the list. - - ``--remote-cert-tls`` now only requires that a keyUsage is present in the - certificate, and leaves the verification of the value up to the crypto - library, which has more information (i.e. the key exchange method in use) - to verify that the keyUsage is correct. - - ``--ns-cert-type`` is deprecated. Use ``--remote-cert-tls`` instead. - The nsCertType x509 extension is very old, and barely used. - ``--remote-cert-tls`` uses the far more common keyUsage and extendedKeyUsage - extension instead. Make sure your certificates carry these to be able to - use ``--remote-cert-tls``. +- ``--remote-cert-ku`` now only requires the certificate to have at least the + bits set of one of the values in the supplied list, instead of requiring an + exact match to one of the values in the list. +- ``--remote-cert-tls`` now only requires that a keyUsage is present in the + certificate, and leaves the verification of the value up to the crypto + library, which has more information (i.e. the key exchange method in use) + to verify that the keyUsage is correct. +- ``--ns-cert-type`` is deprecated. Use ``--remote-cert-tls`` instead. + The nsCertType x509 extension is very old, and barely used. + ``--remote-cert-tls`` uses the far more common keyUsage and extendedKeyUsage + extension instead. Make sure your certificates carry these to be able to + use ``--remote-cert-tls``.