Chromium Code Reviews

Side by Side Diff: components/onc/docs/onc_spec.html

Issue 61903002: ChromeOS: Add more host verification options for OpenVpn. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Rebased. Created 7 years, 1 month ago
OLD NEW
1 <!DOCTYPE html> 1 <!DOCTYPE html>
2 <html> 2 <html>
3 <head> 3 <head>
4 <meta charset="utf-8"> 4 <meta charset="utf-8">
5 <link rel="stylesheet" href="onc_spec.css" > 5 <link rel="stylesheet" href="onc_spec.css" >
6 <script src="onc_spec.js"></script> 6 <script src="onc_spec.js"></script>
7 <title>Open Network Configuration Format</title> 7 <title>Open Network Configuration Format</title>
8 </head> 8 </head>
9 <body> 9 <body>
10 10
(...skipping 1174 matching lines...)
1185 OpenVPN user name. This value is subject to string expansions. If not 1185 OpenVPN user name. This value is subject to string expansions. If not
1186 specified, user is prompted at time of connection. 1186 specified, user is prompted at time of connection.
1187 </dd> 1187 </dd>
1188 1188
1189 <dt class="field">Verb</dt> 1189 <dt class="field">Verb</dt>
1190 <dd> 1190 <dd>
1191 <span class="field_meta"> 1191 <span class="field_meta">
1192 (optional) 1192 (optional)
1193 <span class="type">string</span> 1193 <span class="type">string</span>
1194 </span> 1194 </span>
1195 Verbosity level, defaults to openvpn default if not specified. 1195 Verbosity level, defaults to OpenVpn's default if not specified.
1196 </dd>
1197
1198 <dt class="field">VerifyHash</dt>
1199 <dd>
1200 <span class="field_meta">
1201 (optional)
1202 <span class="type">string</span>
1203 </span>
1204 If set, this value is passed as the "--verify-hash" argument to OpenVPN,
1205 which specifies the SHA1 fingerprint for the level-1 certificate.
1206 </dd>
1207
1208 <dt class="field">VerifyX509</dt>
1209 <dd>
1210 <span class="field_meta">
1211 (optional)
1212 <span class="type">VerifyX509</span>
1213 </span>
1214 If set, the "--verify-x509-name" argument is passed to OpenVPN with the v alues of this object and only connections will be accepted if a host's X.509 nam e is equal to the given name.
1196 </dd> 1215 </dd>
1197 </dl> 1216 </dl>
1217
1218 <p>
1219 <span class="type">VerifyX509</span> type contains the following:
1220 </p>
1221 <dl class="field_list">
1222 <dt class="field">Name</dt>
1223 <dd>
1224 <span class="field_meta">
1225 (required)
1226 <span class="type">string</span>
1227 </span>
1228 The name that the host's X.509 name is compared to. Which host name is com pared depends on the value of <span class="field">Type</span>.
1229 </dd>
1230
1231 <dt class="field">Type</dt>
1232 <dd>
1233 <span class="field_meta">
1234 (optional)
1235 <span class="type">string</span>
1236 </span>
1237 Determines which of the host's X.509 names will be verified. Allowed value s are <span class="value">name</span>, <span class="value">name-prefix</span> an d <span class="value">subject</span>. See OpenVPN's documentation for "--verify- x509-name" for the meaning of each value. Defaults to OpenVPN's default if not s pecified.
1238 </dd>
1239 </dl>
1240
1198 </section> 1241 </section>
1199 1242
1200 </section> 1243 </section>
1201 1244
1202 <section> 1245 <section>
1203 <h1>Client certificate patterns</h1> 1246 <h1>Client certificate patterns</h1>
1204 <p> 1247 <p>
1205 In order to allow clients to securely key their private keys and request 1248 In order to allow clients to securely key their private keys and request
1206 certificates through PKCS#10 format or through a web flow, we provide 1249 certificates through PKCS#10 format or through a web flow, we provide
1207 alternative CertificatePattern types. The 1250 alternative CertificatePattern types. The
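Review bot: The VerifyX509 description at new line 1214 says a connection is accepted only if the host's X.509 name "is equal to the given name", but Type at new line 1237 also allows name-prefix, which by its name is not an equality match; reword 1214 to say the name must match according to Type. Also at 1237, state the default Type explicitly instead of "Defaults to OpenVPN's default", because the form a config author must give for the required Name field at 1228 depends on which name is compared. For VerifyHash (new lines 1204-1205), say what "level-1 certificate" refers to and what string format the SHA1 fingerprint takes, so that a fingerprint given for the wrong certificate or in the wrong format is not discovered only when the connection fails. Style: new line 1195 writes "OpenVpn's" while the other added lines use "OpenVPN", and new lines 1214, 1228 and 1237 are not wrapped like the rest of the file.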
(...skipping 938 matching lines...)
2146 is transmitted or saved to disk should be secure. On client device, when 2189 is transmitted or saved to disk should be secure. On client device, when
2147 user names for connections that are user-specific are persisted to disk, 2190 user names for connections that are user-specific are persisted to disk,
2148 they should be stored in a location that is encrypted. Users can also opt in 2191 they should be stored in a location that is encrypted. Users can also opt in
2149 these cases to not save their user credentials in the config file and will 2192 these cases to not save their user credentials in the config file and will
2150 instead be prompted when they are needed. 2193 instead be prompted when they are needed.
2151 </p> 2194 </p>
2152 </section> 2195 </section>
2153 </section> 2196 </section>
2154 </body> 2197 </body>
2155 </html> 2198 </html>