mirror of
https://github.com/OpenVPN/openvpn3.git
synced 2024-09-20 12:12:15 +02:00
e9a903fd9f
This option lets you specify the SHA256 fingerprint of a peer's self-signed certificate. The peer's certificate, presented during connection bring-up, is compared to the fingerprint. The connection fails if it doesn't match. So, this serves as an easy, yet secure, alternative to setting up a PKI, but can also be used in conjunction with one to add one more check during leaf certificate validation. The option can also be given as inline block, for easier management for multiple fingerprints: <peer-fingerprint> 00:11:22:33:...:BB:CC:DD:FF BB:CC:DD:FF:...:00:11:22:33 </peer-fingerprint> Signed-off-by: Heiko Hund <heiko@openvpn.net> |
||
---|---|---|
.. | ||
ovpncli | ||
ssl | ||
unittests | ||
unused |