Document the inlining of files in openvpn and document key-direction

This patch documents the usage of inline files in OpenVPN. Hackish ways of inline files are deliberately left out. For tls-auth and secret the key-direction option is right way of specifying the direction and not by using two tls-auth/secret lines where the first sets the direction and has a dummy file name and the second sets the inline file data but does not reset the direction parameter. Also pkcs12 [[INLINE]] base64encoded_data works but is a quirk of how the config parser works Signed-off-by: Arne Schwabe <arne@rfc2549.org> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: 1345756860-2044-1-git-send-email-arne@rfc2549.org URL: http://article.gmane.org/gmane.network.openvpn.devel/7006 Signed-off-by: David Sommerseth <davids@redhat.com>
2024-09-20 12:02:28 +02:00 · 2012-08-23 23:21:00 +02:00 · 2012-08-23 23:21:00 +02:00 · 0979ec7e91
commit 0979ec7e91
parent e1f6121d6c
1 changed files with 39 additions and 0 deletions
--- a/doc/openvpn.8
+++ b/doc/openvpn.8
@ -3621,6 +3621,14 @@ would see nothing
 but random-looking data.
 .\"*********************************************************
 .TP
+.B \-\-key-direction
+Alternative way of specifying the optional direction parameter for the
+.B \-\-tls-auth
+and
+.B \-\-secret
+options. Useful when using inline files (See section on inline files).
+.\"*********************************************************
+.TP
 .B \-\-auth alg
 Authenticate packets with HMAC using message
 digest algorithm
@ -5901,6 +5909,37 @@ X509_1_C=KG
 .ft
 .fi
 .\"*********************************************************
+.SH INLINE FILE SUPPORT
+OpenVPN allows including files in the main configuration for the
+.B \-\-ca, \-\-cert, \-\-dh, \-\-extra-certs, \-\-key, \-\-pkcs12, \-\-secret
+and
+.B \-\-tls-auth
+options.
+
+Each inline file started by the line
+.B <option>
+and ended by the line
+.B </option>
+
+Here is an example of an inline file usage
+
+.nf
+.ft 3
+.in +4
+<cert>
+-----BEGIN CERTIFICATE-----
+[...]
+-----END CERTIFICATE-----
+</cert>
+.in -4
+.ft
+.fi
+
+When using the inline file feature with
+.B \-\-pkcs12
+the inline file has to be base64 encoded. Encoding of a .p12 file into base64 can be done for example with OpenSSL by running
+.B openssl base64 -in input.p12
+
 .SH SIGNALS
 .TP
 .B SIGHUP