Adam Laurie said:
>
> >> this was just a quick note to request that you do some whitespace foo
> > > (in particular CR/LF stuff) for the openvpn generated secret files as
> > > this seems to cause pain when setting up keys generated by one or other
> > > platform and then transferring them (my test platform was win2k ->
> > > freebsd-4.8).
> >
> > Not sure what the problem is.
> >
> > If you generate a static key on Windows, you will get CR-LF line
> > termination.
> > If you generate on *nix, you will get LF-only (i.e. newline) termination.
> > Each platform generates interoperable keys. The only strange behaviour I
> > noticed is if you generate a key on Linux then try to edit it with a dumb
> > editor on windows (such as Notepad), it doesn't "get" the line termination
> > right. But OpenVPN will still read the key correctly, as the key reader is
> > mostly whitespace independent.
>
> ok, then the problem is that it's not working as expected. in trhis case
> the key was generated on the win2k side and placed on the bsd server.
> tls-auth failed. after editing with vi and removing ^M characters from
> end of each line, tls-auth passed.
>
> btw, when i tested with win-xp and a key generated on the bsd side i had
> no problem, so i have seen it working as described as well, but on a
> different platform.
Right, tls-auth generates the key by taking the sha1sum of the file, so it
will definitely be influenced by whitespace and newline conventions. When you
said "openvpn generated secret files" I was thinking you were talking about
--genkey and static keys, which are not whitespace dependent.
James