From 3a2bbdb05ca6a6996e424c9fb225cb0d53804125 Mon Sep 17 00:00:00 2001
From: Alberto Gonzalez Iniesta <agi@inittab.org>
Date: Tue, 27 Dec 2016 18:25:47 +0100
Subject: New upstream version 2.4.0

---
 doc/management-notes.txt | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

(limited to 'doc/management-notes.txt')

diff --git a/doc/management-notes.txt b/doc/management-notes.txt
index dd870eb..29c3aad 100644
--- a/doc/management-notes.txt
+++ b/doc/management-notes.txt
@@ -773,8 +773,9 @@ via a notification as follows:
 
 >RSA_SIGN:[BASE64_DATA]
 
-The management interface client should then sign BASE64_DATA
-using the private key and return the SSL signature as follows:
+The management interface client should then create a PKCS#1 v1.5 signature of
+the (decoded) BASE64_DATA using the private key and return the SSL signature as
+follows:
 
 rsa-sig
 [BASE64_SIG_LINE]
@@ -783,8 +784,8 @@ rsa-sig
 .
 END
 
-Base64 encoded output of RSA_sign(NID_md5_sha1,... will provide a
-correct signature.
+Base64 encoded output of RSA_private_encrypt() (OpenSSL) or mbedtls_pk_sign()
+(mbed TLS) will provide a correct signature.
 
 This capability is intended to allow the use of arbitrary cryptographic
 service providers with OpenVPN via the management interface.
-- 
cgit v1.2.3