Merge tag 'upstream/2.4.0'

Upstream version 2.4.0
author: Alberto Gonzalez Iniesta <agi@inittab.org> 2016-12-27 18:25:47 +0100
committer: Alberto Gonzalez Iniesta <agi@inittab.org> 2016-12-27 18:25:47 +0100
commit: 79f3537f69e125f19f59c36aa090120a63186a54 (patch)
tree: 2089a3b7dac990841dbc2e4d9b2f535b82dbb0af /doc/management-notes.txt
parent: f2137fedb30cb87448eb03b2f288920df6187571 (diff)
parent: 3a2bbdb05ca6a6996e424c9fb225cb0d53804125 (diff)
1 files changed, 5 insertions, 4 deletions
diff --git a/doc/management-notes.txt b/doc/management-notes.txt
index dd870eb..29c3aad 100644
--- a/doc/management-notes.txt
+++ b/doc/management-notes.txt
@@ -773,8 +773,9 @@ via a notification as follows:
 
 >RSA_SIGN:[BASE64_DATA]
 
-The management interface client should then sign BASE64_DATA
-using the private key and return the SSL signature as follows:
+The management interface client should then create a PKCS#1 v1.5 signature of
+the (decoded) BASE64_DATA using the private key and return the SSL signature as
+follows:
 
 rsa-sig
 [BASE64_SIG_LINE]
@@ -783,8 +784,8 @@ rsa-sig
 .
 END
 
-Base64 encoded output of RSA_sign(NID_md5_sha1,... will provide a
-correct signature.
+Base64 encoded output of RSA_private_encrypt() (OpenSSL) or mbedtls_pk_sign()
+(mbed TLS) will provide a correct signature.
 
 This capability is intended to allow the use of arbitrary cryptographic
 service providers with OpenVPN via the management interface.
author	Alberto Gonzalez Iniesta <agi@inittab.org>	2016-12-27 18:25:47 +0100
committer	Alberto Gonzalez Iniesta <agi@inittab.org>	2016-12-27 18:25:47 +0100
commit	79f3537f69e125f19f59c36aa090120a63186a54 (patch)
tree	2089a3b7dac990841dbc2e4d9b2f535b82dbb0af /doc/management-notes.txt
parent	f2137fedb30cb87448eb03b2f288920df6187571 (diff)
parent	3a2bbdb05ca6a6996e424c9fb225cb0d53804125 (diff)