mirror of
https://github.com/OpenVPN/openvpn.git
synced 2024-09-20 12:02:28 +02:00
f500c49c8e
To avoid keeping around a full-size openvpn.rst file which is never needed but will take space in the repo forever, patches 01...04 of the big documentation overhaul projects were squashed together, keeping the individual commit logs and URL references below.

Signed-off-by: Gert Doering <gert@greenie.muc.de>

* This is a combination of 4 commits.
* This is the 1st commit message:

doc/man: Add an .rst formatted version of the man page

This is the first step to move away from manually editing a g/nroff encoded man page. Some modifications were needed to ensure formatting was consistent and rendered reasonably okay in GitHub and that the generated man page (using rst2man) is looking as a proper man page. Unsupported options have also been moved into their own section. HTML rendering directly using rst2html has also been used to validate the conversion.

The rst2man and rst2html utilities come from the python-docutils project: https://docutils.sourceforge.io/

Signed-off-by: David Sommerseth <davids@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20200716225338.611-2-davids@openvpn.net>
URL: https://sourceforge.net/p/openvpn/mailman/message/37063370/
Signed-off-by: Gert Doering <gert@greenie.muc.de>

* This is the commit message #2:

doc/man: Replace old man page with generated man page

The doc/openvpn.8 and doc/openvpn.8.html files are now being removed from the git tree, as they will be generated from the doc/openvpn.8.rst file using python-docutils. An additional dist-hook is added so these files are generated automatically when source tarballs are generated for releases. This means users compiling directly from the source tarball will not need python-docutils installed.

Signed-off-by: David Sommerseth <davids@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20200716225338.611-3-davids@openvpn.net>
URL: https://sourceforge.net/p/openvpn/mailman/message/37063373/
Signed-off-by: Gert Doering <gert@greenie.muc.de>

* This is the commit message #3:

doc/man: Split up and reorganize main man page

The openvpn.8.rst file is quite long and hard to edit, as it covers several hundred options. Some options were even documented in multiple places. The example has also received some attention, cleaning up old and outdated information.

In this commit the main man page is split up into multiple sections and options are sorted into each of the corresponding sections. Inside each category, each option is for now sorted alphabetically. The main openvpn.8.rst file is currently kept unchanged and will be handled in the next commit.

Many language improvements contributed by Richard Bonhomme have also been incorporated.

Signed-off-by: David Sommerseth <davids@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20200716225338.611-4-davids@openvpn.net>
URL: https://sourceforge.net/p/openvpn/mailman/message/37063376/
Signed-off-by: Gert Doering <gert@greenie.muc.de>

* This is the commit message #4:

doc/man: Complete openvpn.8.rst splitting

This rebuilds the openvpn.8.rst content by using the text which was split out in the previous commit by using RST ..include statements.

Signed-off-by: David Sommerseth <davids@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20200716225338.611-5-davids@openvpn.net>
URL: https://sourceforge.net/p/openvpn/mailman/message/37063377/
Signed-off-by: Gert Doering <gert@greenie.muc.de>
81 lines
2.4 KiB
ReStructuredText
PKCS#11 / SmartCard options
---------------------------

--pkcs11-cert-private args
  Set if access to the certificate object should be performed after login.
  Every provider has its own setting.

  Valid syntaxes:
  ::

     pkcs11-cert-private 0
     pkcs11-cert-private 1

--pkcs11-id name
  Specify the serialized certificate id to be used. The id can be obtained
  with the standalone ``--show-pkcs11-ids`` option.

--pkcs11-id-management
  Acquire the PKCS#11 id from the management interface. In this case a
  :code:`NEED-STR 'pkcs11-id-request'` real-time message will be triggered;
  the application may use the ``pkcs11-id-count`` command to retrieve the
  number of available certificates, and the ``pkcs11-id-get`` command to
  retrieve the certificate id and certificate body.

--pkcs11-pin-cache seconds
  Specify how many seconds the PIN can be cached. The default is until the
  token is removed.

--pkcs11-private-mode mode
  Specify which method to use in order to perform private key operations.
  A different mode can be specified for each provider. Mode is encoded as
  a hex number, and can be a mask of the following:

  :code:`0` (default) Try to determine automatically.

  :code:`1` Use sign.

  :code:`2` Use sign recover.

  :code:`4` Use decrypt.

  :code:`8` Use unwrap.

--pkcs11-protected-authentication args
  Use PKCS#11 protected authentication path, useful for biometric and
  external keypad devices. Every provider has its own setting.

  Valid syntaxes:
  ::

     pkcs11-protected-authentication 0
     pkcs11-protected-authentication 1

--pkcs11-providers provider
  Specify the RSA Security Inc. PKCS #11 Cryptographic Token Interface
  (Cryptoki) providers to load. This option can be used instead of
  ``--cert``, ``--key`` and ``--pkcs12``.

  If p11-kit is present on the system, its :code:`p11-kit-proxy.so` module
  will be loaded by default if either the ``--pkcs11-id`` or
  ``--pkcs11-id-management`` options are specified without
  ``--pkcs11-providers`` being given.

--show-pkcs11-ids args
  (Standalone) Show PKCS#11 token object list.

  Valid syntax:
  ::

     show-pkcs11-ids [provider] [cert_private]

  Specify ``cert_private`` as :code:`1` if certificates are stored as
  private objects.

  If *p11-kit* is present on the system, the ``provider`` argument is
  optional; if omitted the default :code:`p11-kit-proxy.so` module will be
  queried.

  The ``--verb`` option can be used BEFORE this option to produce debugging
  information.
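
An added example (not part of the OpenVPN documentation or source): a small Python audit of the PKCS#11 options described in this section, useful for reviewing client configs before deployment. It assumes per-provider values map to the ``--pkcs11-providers`` entries by position; the function names, the provider path and the sample config are constructed for illustration.

```python
import shlex

# Bit values from the --pkcs11-private-mode list in this section.
MODE_BITS = {1: "sign", 2: "sign recover", 4: "decrypt", 8: "unwrap"}
BOOLEAN = ("pkcs11-cert-private", "pkcs11-protected-authentication")
# Constructed sample config; the provider path and id are placeholders.
SAMPLE = """\
pkcs11-providers /usr/lib/pkcs11/example-token.so
pkcs11-id 'CONSTRUCTED/serialized/id'
pkcs11-private-mode 3 10   # second value has a bit outside the mask
pkcs11-cert-private 2
cert client.crt
"""

def decode_private_mode(value):
    """Decode a hex --pkcs11-private-mode mask into method names."""
    mask = int(value, 16)
    if mask & ~0xF:
        raise ValueError(f"mode {value!r} sets bits outside 1|2|4|8")
    return [name for bit, name in MODE_BITS.items() if mask & bit] or ["auto"]

def audit(config_text):
    """Return a list of findings for the PKCS#11 options in a config."""
    opts = {}
    for line in config_text.splitlines():
        words = shlex.split(line, comments=True)
        if words:
            opts[words[0].lstrip("-")] = words[1:]
    findings = []
    # No provider listed: p11-kit-proxy.so (if present) is the one default.
    n = len(opts.get("pkcs11-providers", [])) or 1
    for name in BOOLEAN + ("pkcs11-private-mode",):
        given = len(opts.get(name, []))
        if given > n:  # assumption: values map to providers by position
            findings.append(f"{name}: {given} values for {n} provider(s)")
    for name in BOOLEAN:
        findings += [f"{name}: {a!r} is not 0 or 1"
                     for a in opts.get(name, []) if a not in ("0", "1")]
    for arg in opts.get("pkcs11-private-mode", []):
        try:
            decode_private_mode(arg)
        except ValueError as exc:
            findings.append(f"pkcs11-private-mode: {exc}")
    if any(k.startswith("pkcs11-") for k in opts):
        if "pkcs11-pin-cache" not in opts:
            findings.append("pkcs11-pin-cache unset: PIN cached until token removal")
        findings += [f"{o}: set together with PKCS#11 options"
                     for o in ("cert", "key", "pkcs12") if o in opts]
    return findings
```

Calling ``audit(SAMPLE)`` returns five findings; a config with only ``pkcs11-id`` and ``pkcs11-pin-cache`` returns none.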