Adapt commit message from cf69617bbea45a15423c4188daa9386debcbe1ec for man
page and management documentation.
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: David Sommerseth <davids@redhat.com>
Message-Id: 1349082318-985-1-git-send-email-arne@rfc2549.org
URL: http://article.gmane.org/gmane.network.openvpn.devel/7081
Signed-off-by: David Sommerseth <davids@redhat.com>
... | ... |
@@ -750,6 +750,34 @@ To accept connecting to the host and port directly, use this command: |
750 | 750 |
|
751 | 751 |
proxy NONE |
752 | 752 |
|
753 |
+COMMAND -- rsa-sig (OpenVPN 2.3 or higher) |
|
754 |
+------------------------------------------ |
|
755 |
+Provides support for external storage of the private key. Requires the |
|
756 |
+--management-external-key option. This option can be used instead of "key" |
|
757 |
+in client mode, and allows the client to run without the need to load the |
|
758 |
+actual private key. When the SSL protocol needs to perform an RSA sign |
|
759 |
+operation, the data to be signed will be sent to the management interface |
|
760 |
+via a notification as follows: |
|
761 |
+ |
|
762 |
+>RSA_SIGN:[BASE64_DATA] |
|
763 |
+ |
|
764 |
+The management interface client should then sign BASE64_DATA |
|
765 |
+using the private key and return the SSL signature as follows: |
|
766 |
+ |
|
767 |
+rsa-sig |
|
768 |
+[BASE64_SIG_LINE] |
|
769 |
+. |
|
770 |
+. |
|
771 |
+. |
|
772 |
+END |
|
773 |
+ |
|
774 |
+Base64 encoded output of RSA_sign(NID_md5_sha1,... will provide a |
|
775 |
+correct signature. |
|
776 |
+ |
|
777 |
+This capability is intended to allow the use of arbitrarycryptographic |
|
778 |
+service providers with OpenVPN via the management interface. |
|
779 |
+ |
|
780 |
+ |
|
753 | 781 |
OUTPUT FORMAT |
754 | 782 |
------------- |
755 | 783 |
|
... | ... |
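Review bot: The sentence "Base64 encoded output of RSA_sign(NID_md5_sha1,... will provide a correct signature." is the only specification of the signing operation in the new rsa-sig section, and it elides the arguments and never closes the parenthesis. Since the last paragraph says the goal is to support arbitrary cryptographic service providers, a management client that does not call this OpenSSL function has no statement here of what BASE64_DATA contains (a digest or the raw message) or which padding the returned signature must use. Suggest describing the input and the expected signature format in words, and saying explicitly that the three "." lines in the reply stand for further base64 lines rather than literal input. Two smaller points: "arbitrarycryptographic" is missing a space, and the hunk adds two blank lines before OUTPUT FORMAT where the other sections are separated by one.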
@@ -2464,6 +2464,11 @@ Allow management interface to override |
2464 | 2464 |
.B \-\-remote |
2465 | 2465 |
directives (client-only). |
2466 | 2466 |
.\"********************************************************* |
2467 |
+.B \-\-management-external-key |
|
2468 |
+Allows usage for external private key file instead of |
|
2469 |
+.B \-\-key |
|
2470 |
+option (client-only). |
|
2471 |
+.\"********************************************************* |
|
2467 | 2472 |
.TP |
2468 | 2473 |
.B \-\-management-forget-disconnect |
2469 | 2474 |
Make OpenVPN forget passwords when management session |
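Review bot: The new --management-external-key entry has no .TP of its own. It is inserted after the existing separator comment and before the existing ".TP" line, so ".B \-\-management-external-key" follows the comment directly and the .TP that was already there now belongs only to --management-forget-disconnect. Without the macro the new option will be set as a continuation of the preceding entry's text instead of as its own tagged paragraph; suggest adding a ".TP" line before ".B \-\-management-external-key". The wording "external private key file" also does not match the management documentation in this same patch, which describes the key as held outside OpenVPN with signing done over the management interface via rsa-sig; suggest dropping "file" and pointing the reader to that command.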