Update openvpn to Dual Stack version

author: Arne Schwabe <arne@rfc2549.org> 2012-12-14 12:58:27 +0100
committer: Arne Schwabe <arne@rfc2549.org> 2012-12-14 12:58:27 +0100
commit: c0ada659bb13c0c008ff78cc31f9c65fe5ce55c2 (patch)
tree: e99648de64436e8079dd51978215f99100f13c3a /openvpn/doc/management-notes.txt
parent: 8e61463fa17e61e84cb0d7ccf03bc2dde5eccaca (diff)
1 files changed, 28 insertions, 0 deletions
diff --git a/openvpn/doc/management-notes.txt b/openvpn/doc/management-notes.txt
index a07a5142..ef39b855 100644
--- a/openvpn/doc/management-notes.txt
+++ b/openvpn/doc/management-notes.txt
@@ -750,6 +750,34 @@ To accept connecting to the host and port directly, use this command:
 
   proxy NONE
 
+COMMAND -- rsa-sig (OpenVPN 2.3 or higher)
+------------------------------------------
+Provides support for external storage of the private key. Requires the
+--management-external-key option. This option can be used instead of "key"
+in client mode, and allows the client to run without the need to load the
+actual private key. When the SSL protocol needs to perform an RSA sign
+operation, the data to be signed will be sent to the management interface
+via a notification as follows:
+
+>RSA_SIGN:[BASE64_DATA]
+
+The management interface client should then sign BASE64_DATA
+using the private key and return the SSL signature as follows:
+
+rsa-sig
+[BASE64_SIG_LINE]
+.
+.
+.
+END
+
+Base64 encoded output of RSA_sign(NID_md5_sha1,... will provide a
+correct signature.
+
+This capability is intended to allow the use of arbitrary cryptographic
+service providers with OpenVPN via the management interface.
+
+
 OUTPUT FORMAT
 -------------
author	Arne Schwabe <arne@rfc2549.org>	2012-12-14 12:58:27 +0100
committer	Arne Schwabe <arne@rfc2549.org>	2012-12-14 12:58:27 +0100
commit	c0ada659bb13c0c008ff78cc31f9c65fe5ce55c2 (patch)
tree	e99648de64436e8079dd51978215f99100f13c3a /openvpn/doc/management-notes.txt
parent	8e61463fa17e61e84cb0d7ccf03bc2dde5eccaca (diff)