mirror/openvpn3
0
0
Fork 0
mirror of https://github.com/OpenVPN/openvpn3.git synced 2024-09-20 12:12:15 +02:00
Code
e9a903fd9f
openvpn3/test
History
Heiko Hund e9a903fd9f add support for the --peer-fingerprint option 
This option lets you specify the SHA256 fingerprint of a peer's self-signed
certificate. The peer's certificate, presented during connection bring-up,
is compared to the fingerprint. The connection fails if it doesn't
match.

So, this serves as an easy, yet secure, alternative to setting up a PKI,
but can also be used in conjunction with one to add one more check during
leaf certificate validation.

The option can also be given as inline block, for easier management for
multiple fingerprints:

  <peer-fingerprint>
  00:11:22:33:...:BB:CC:DD:FF
  BB:CC:DD:FF:...:00:11:22:33
  </peer-fingerprint>

Signed-off-by: Heiko Hund <heiko@openvpn.net>
2021-04-28 23:56:22 +02:00
..
ovpncli docs: Update README 2021-04-22 12:54:34 +02:00
ssl docs: Update README 2021-04-22 12:54:34 +02:00
unittests add support for the --peer-fingerprint option 2021-04-28 23:56:22 +02:00
unused Update copyrights 2020-03-18 19:37:32 +01:00