git.ipfire.org Git - thirdparty/openvpn.git/commit

author	Steffan Karger <steffan@karger.me>
	Sat, 4 Mar 2017 18:49:57 +0000 (19:49 +0100)
committer	Gert Doering <gert@greenie.muc.de>
	Sun, 19 Mar 2017 15:49:11 +0000 (16:49 +0100)
commit	2dc332266449d5378f1fe04f950cbebf128ec9c9
tree	5c1afe0e45b32cf36863da4f40614e7846cfdb04	tree
parent	db1b4d96bfe7e744a0dec8f86cb041c32fb87964	commit \| diff

Deprecate --ns-cert-type

The nsCertType x509 extension is very old, and barely used. We already
have had an alternative for a long time: --remote-cert-tls uses the far
more common keyUsage and extendedKeyUsage extensions instead.

OpenSSL 1.1 longer exposes an API to (separately) check the nsCertType x509
extension. Since we want be able to migrate to OpenSSL 1.1, we should
deprecate this option immediately.

Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1488653397-2309-1-git-send-email-steffan@karger.me>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14222.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>

Changes.rst		diff \| blob \| blame \| history
doc/openvpn.8		diff \| blob \| blame \| history
src/openvpn/init.c		diff \| blob \| blame \| history
src/openvpn/options.c		diff \| blob \| blame \| history
tests/t_client.rc-sample		diff \| blob \| blame \| history