When using EC TLS keys, dh-file is not needed; it can be set to "none": https://github.com/OpenVPN/openvpn/commit/bd9aa06
Description
Details
- Version: -
- Is it a breaking change?: Config syntax change (migratable)
- Issue type: Feature (new functionality)
Event Timeline
The implementation mostly works, but still behaves unexpectedly when keys don't have a BEGIN EC PRIVATE KEY or BEGIN RSA PRIVATE KEY, but have just a plain BEGIN PRIVATE KEY, which is valid for both EC and RSA (and is the default output format for openssl ec -out, for example when removing a passphrase from the key). We need to switch to checking the key type by actually trying to read it with openssl and checking its error status.
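The header ambiguity described in the comment above, as an added example that is not the project's code: a plain `BEGIN PRIVATE KEY` block is PKCS#8, where the key type is carried by the algorithm OID inside the DER structure rather than by the PEM label. Instead of invoking openssl as the comment proposes, this sketch reads that OID with the Python standard library; `key_type`, `read_tlv` and `sample_pkcs8` are hypothetical names, and the sample keys are constructed skeletons with dummy key bytes.

```python
import base64
import re

# DER-encoded algorithm OIDs found in a PKCS#8 PrivateKeyInfo
OIDS = {
    bytes.fromhex("2a864886f70d010101"): "rsa",  # 1.2.840.113549.1.1.1
    bytes.fromhex("2a8648ce3d0201"): "ec",       # 1.2.840.10045.2.1
}
PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", re.S)

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def key_type(pem):
    """Classify a PEM private key: 'rsa', 'ec', 'encrypted' or 'unknown'."""
    m = PEM_RE.search(pem)
    if not m:
        raise ValueError("no PEM block found")
    label, body = m.groups()
    if label in ("RSA PRIVATE KEY", "EC PRIVATE KEY"):
        return label.split()[0].lower()  # traditional format names the type
    if label == "ENCRYPTED PRIVATE KEY":
        return "encrypted"  # type is not readable without the passphrase
    if label != "PRIVATE KEY":
        return "unknown"
    der = base64.b64decode("".join(body.split()))
    _, info, _ = read_tlv(der, 0)    # PrivateKeyInfo SEQUENCE
    _, _, pos = read_tlv(info, 0)    # version INTEGER
    _, alg, _ = read_tlv(info, pos)  # AlgorithmIdentifier SEQUENCE
    tag, oid, _ = read_tlv(alg, 0)   # algorithm OBJECT IDENTIFIER
    return OIDS.get(oid, "unknown") if tag == 0x06 else "unknown"

def _tlv(tag, value):  # short-form length only, enough for the samples
    return bytes([tag, len(value)]) + value

def sample_pkcs8(oid_hex):
    """Constructed PKCS#8 skeleton with dummy key bytes (not a usable key)."""
    alg = _tlv(0x30, _tlv(0x06, bytes.fromhex(oid_hex)) + _tlv(0x05, b""))
    der = _tlv(0x30, _tlv(0x02, b"\x00") + alg + _tlv(0x04, b"\x00" * 8))
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN PRIVATE KEY-----\n{b64}\n-----END PRIVATE KEY-----\n"
```

Both constructed samples carry the identical `BEGIN PRIVATE KEY` label, so only the OID lookup tells them apart; an OID outside the table (for example an Ed25519 key) is reported as `unknown` rather than guessed.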