| OLD | NEW |
| 1 <!DOCTYPE html> | 1 <!DOCTYPE html> |
| 2 <html> | 2 <html> |
| 3 <head> | 3 <head> |
| 4 <meta charset="utf-8"> | 4 <meta charset="utf-8"> |
| 5 <link rel="stylesheet" href="onc_spec.css" > | 5 <link rel="stylesheet" href="onc_spec.css" > |
| 6 <script src="onc_spec.js"></script> | 6 <script src="onc_spec.js"></script> |
| 7 <title>Open Network Configuration Format</title> | 7 <title>Open Network Configuration Format</title> |
| 8 </head> | 8 </head> |
| 9 <body> | 9 <body> |
| 10 | 10 |
| (...skipping 196 matching lines...) |
| 207 <dt class="field">Certificates</dt> | 207 <dt class="field">Certificates</dt> |
| 208 <dd> | 208 <dd> |
| 209 <span class="field_meta"> | 209 <span class="field_meta"> |
| 210 (optional) | 210 (optional) |
| 211 <span class="type">array of Certificate</span> | 211 <span class="type">array of Certificate</span> |
| 212 </span> | 212 </span> |
| 213 Contains certificates stored in X.509 or PKCS#12 format. | 213 Contains certificates stored in X.509 or PKCS#12 format. |
| 214 </dd> | 214 </dd> |
| 215 </dl> | 215 </dl> |
| 216 | 216 |
| 217 <p> | 217 <p class="rule"> |
| 218 <span class="rule_id"></span> |
| 218 At least one array (either <span class="field">NetworkConfigurations</span> | 219 At least one array (either <span class="field">NetworkConfigurations</span> |
| 219 and/or <span class="field">Certificates</span>) must be present. | 220 and/or <span class="field">Certificates</span>) must be present. |
| 220 </p> | 221 </p> |
| 221 | 222 |
| 222 <section> | 223 <section> |
| 223 <h1>Network Configuration</h1> | 224 <h1>Network Configuration</h1> |
| 224 <p> | 225 <p> |
| 225 Field <span class="field">NetworkConfigurations</span> is an array | 226 Field <span class="field">NetworkConfigurations</span> is an array |
| 226 of <span class="type">NetworkConfiguration</span> typed | 227 of <span class="type">NetworkConfiguration</span> typed |
| 227 objects. The <span class="type">NetworkConfiguration</span> type contains | 228 objects. The <span class="type">NetworkConfiguration</span> type contains |
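Review bot: The new rule_id span at new line 218 is empty, so the rule number has to be generated at render time, presumably by onc_spec.js or onc_spec.css, neither of which is shown in this diff. If it is a running counter, every rule inserted later renumbers the ones after it and any outside reference to a rule number goes stale; consider giving each rule a stable id attribute instead. Note also that class "rule" sits on a p element here and on span elements in the other hunks, so the stylesheet and script have to handle both.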
| (...skipping 75 matching lines...) |
| 303 </dd> | 304 </dd> |
| 304 | 305 |
| 305 <dt class="field">SearchDomains</dt> | 306 <dt class="field">SearchDomains</dt> |
| 306 <dd> | 307 <dd> |
| 307 <span class="field_meta"> | 308 <span class="field_meta"> |
| 308 (optional if <span class="field">Remove</span> is | 309 (optional if <span class="field">Remove</span> is |
| 309 <span class="value">false</span>, otherwise ignored) | 310 <span class="value">false</span>, otherwise ignored) |
| 310 <span class="type">array of string</span> | 311 <span class="type">array of string</span> |
| 311 </span> | 312 </span> |
| 312 Array of strings to append to names for resolution. Items in this array | 313 Array of strings to append to names for resolution. Items in this array |
| 313 should not start with a | 314 should not start with a dot. Example: |
| 314 dot. Example: <span class="snippet">["corp.acme.org", "acme.org"]</span>.
If | 315 <span class="snippet">["corp.acme.org", "acme.org"]</span>. If not |
| 315 not specified, DHCP values will be used. | 316 specified, DHCP values will be used. |
| 316 </dd> | 317 </dd> |
| 317 | 318 |
| 318 <dt class="field">VPN</dt> | 319 <dt class="field">VPN</dt> |
| 319 <dd> | 320 <dd> |
| 320 <span class="field_meta"> | 321 <span class="field_meta"> |
| 321 (required if <span class="field">Type</span> is | 322 (required if <span class="field">Type</span> is |
| 322 <span class="value">VPN</span>, otherwise ignored) | 323 <span class="value">VPN</span>, otherwise ignored) |
| 323 <span class="type">VPN</span> | 324 <span class="type">VPN</span> |
| 324 </span> | 325 </span> |
| 325 VPN settings. | 326 VPN settings. |
| 326 </dd> | 327 </dd> |
| 327 | 328 |
| 328 <dt class="field">WiFi</dt> | 329 <dt class="field">WiFi</dt> |
| 329 <dd> | 330 <dd> |
| 330 <span class="field_meta"> | 331 <span class="field_meta"> |
| 331 (required if <span class="field">Type</span> is | 332 (required if <span class="field">Type</span> is |
| 332 <span class="value">WiFi</span>, otherwise ignored) | 333 <span class="value">WiFi</span>, otherwise ignored) |
| 333 <span class="type">WiFi</span> | 334 <span class="type">WiFi</span> |
| 334 </span> | 335 </span> |
| 335 Wi-Fi settings. | 336 Wi-Fi settings. |
| 336 </dd> | 337 </dd> |
| 337 | 338 |
| 338 <dt class="field">Type</dt> | 339 <dt class="field">Type</dt> |
| 339 <dd> | 340 <dd> |
| 340 <span class="field_meta"> | 341 <span class="field_meta"> |
| 341 (required if <span class="field">Remove</span> is | 342 (required if <span class="field">Remove</span> is |
| 342 <span class="value">false</span>, otherwise ignored) | 343 <span class="value">false</span>, otherwise ignored) |
| 343 <span class="type">string</span> | 344 <span class="type">string</span> |
| 344 </span> | 345 </span> |
| 345 Indicates which kind of connection this is. Must be one | 346 <span class="rule"> |
| 346 of <span class="value">Cellular</span>, | 347 <span class="rule_id"></span> |
| 347 <span class="value">Ethernet</span>, <span class="value">WiFi</span>, or | 348 Allowed values are <span class="value">Cellular</span>, |
| 348 <span class="value">VPN</span>. | 349 <span class="value">Ethernet</span>, <span class="value">WiFi</span>, |
| 350 and <span class="value">VPN</span>. |
| 351 </span> |
| 352 Indicates which kind of connection this is. |
| 349 </dd> | 353 </dd> |
| 350 </dl> | 354 </dl> |
| 351 | 355 |
| 352 <section> | 356 <section> |
| 353 <h1>Ethernet networks</h1> | 357 <h1>Ethernet networks</h1> |
| 354 <p> | 358 <p> |
| 355 For Ethernet connections, <span class="field">Type</span> must be set to | 359 For Ethernet connections, <span class="field">Type</span> must be set to |
| 356 <span class="value">Ethernet</span> and the | 360 <span class="value">Ethernet</span> and the |
| 357 field <span class="field">Ethernet</span> must be set to an object of | 361 field <span class="field">Ethernet</span> must be set to an object of |
| 358 type <span class="type">Ethernet</span> containing the following fields: | 362 type <span class="type">Ethernet</span> containing the following fields: |
| 359 </p> | 363 </p> |
| 360 | 364 |
| 361 <dl class="field_list"> | 365 <dl class="field_list"> |
| 362 <dt class="field">Authentication</dt> | 366 <dt class="field">Authentication</dt> |
| 363 <dd> | 367 <dd> |
| 364 <span class="field_meta"> | 368 <span class="field_meta"> |
| 365 (optional) | 369 (optional) |
| 366 <span class="type">string</span> | 370 <span class="type">string</span> |
| 367 </span> | 371 </span> |
| 368 Either <span class="value">None</span> | 372 <span class="rule"> |
| 369 or <span class="value">8021X</span>. | 373 <span class="rule_id"></span> |
| 374 Allowed values are <span class="value">None</span> and |
| 375 <span class="value">8021X</span>. |
| 376 </span> |
| 370 </dd> | 377 </dd> |
| 371 | 378 |
| 372 <dt class="field">EAP</dt> | 379 <dt class="field">EAP</dt> |
| 373 <dd> | 380 <dd> |
| 374 <span class="field_meta"> | 381 <span class="field_meta"> |
| 375 (required if <span class="field">Authentication</span> is | 382 (required if <span class="field">Authentication</span> is |
| 376 <span class="value">8021X</span>, otherwise ignored) | 383 <span class="value">8021X</span>, otherwise ignored) |
| 377 <span class="type">EAP</span> | 384 <span class="type">EAP</span> |
| 378 </span> | 385 </span> |
| 379 EAP settings. | 386 EAP settings. |
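Review bot: Ethernet Authentication at new lines 369-376 is marked (optional), but the new rule only lists the allowed values None and 8021X and never says which one applies when the field is omitted. EAP at 382-383 is required only if Authentication is 8021X, so a validator needs that default; state it in field_meta the way the OpenVPN fields do with "defaults to". Separately, the SearchDomains edit at 313-316 is a whitespace-only re-wrap and would be easier to review in its own change.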
| (...skipping 10 matching lines...) |
| 390 particular static IP configuration and contains the following fields: | 397 particular static IP configuration and contains the following fields: |
| 391 </p> | 398 </p> |
| 392 | 399 |
| 393 <dl class="field_list"> | 400 <dl class="field_list"> |
| 394 <dt class="field">Type</dt> | 401 <dt class="field">Type</dt> |
| 395 <dd> | 402 <dd> |
| 396 <span class="field_meta"> | 403 <span class="field_meta"> |
| 397 (required) | 404 (required) |
| 398 <span class="type">string</span> | 405 <span class="type">string</span> |
| 399 </span> | 406 </span> |
| 400 Must be either <span class="value">IPv4</span> | 407 <span class="rule"> |
| 401 or <span class="value">IPv6</span>, describing the type of configuration | 408 <span class="rule_id"></span> |
| 402 this is. | 409 Allowed values are <span class="value">IPv4</span> |
| 410 and <span class="value">IPv6</span> |
| 411 </span> |
| 412 Describes the type of configuration this is. |
| 403 </dd> | 413 </dd> |
| 404 | 414 |
| 405 <dt class="field">IPAddress</dt> | 415 <dt class="field">IPAddress</dt> |
| 406 <dd> | 416 <dd> |
| 407 <span class="field_meta"> | 417 <span class="field_meta"> |
| 408 (required) | 418 (required) |
| 409 <span class="type">string</span> | 419 <span class="type">string</span> |
| 410 </span> | 420 </span> |
| 411 Describes the IPv4 or IPv6 address of a connection, depending on the value | 421 Describes the IPv4 or IPv6 address of a connection, depending on the value |
| 412 of <span class="field">Type</span> field. It should not contain the | 422 of <span class="field">Type</span> field. It should not contain the |
| 413 routing prefix (i.e. should not end in something like /64). | 423 routing prefix (i.e. should not end in something like /64). |
| 414 </dd> | 424 </dd> |
| 415 | 425 |
| 416 <dt class="field">RoutingPrefix</dt> | 426 <dt class="field">RoutingPrefix</dt> |
| 417 <dd> | 427 <dd> |
| 418 <span class="field_meta"> | 428 <span class="field_meta"> |
| 419 (required) | 429 (required) |
| 420 <span class="type">integer</span> | 430 <span class="type">integer</span> |
| 421 </span> | 431 </span> |
| 422 Describes the routing prefix. This is a number in the range [1, 32] for | 432 <span class="rule"> |
| 423 IPv4 and [1, 128] for IPv6 addresses. | 433 <span class="rule_id"></span> |
| 434 Must be a number in the range [1, 32] for IPv4 and [1, 128] for IPv6 |
| 435 addresses. |
| 436 </span> |
| 437 Describes the routing prefix. |
| 424 </dd> | 438 </dd> |
| 425 | 439 |
| 426 <dt class="field">Gateway</dt> | 440 <dt class="field">Gateway</dt> |
| 427 <dd> | 441 <dd> |
| 428 <span class="field_meta"> | 442 <span class="field_meta"> |
| 429 (optional) | 443 (optional) |
| 430 <span class="type">string</span> | 444 <span class="type">string</span> |
| 431 </span> | 445 </span> |
| 432 Describes the gateway address to use for the configuration. Must match | 446 Describes the gateway address to use for the configuration. Must match |
| 433 address type specified in | 447 address type specified in <span class="field">Type</span> field. If not |
| 434 <span class="field">Type</span> field. If not specified, DHCP values will | 448 specified, DHCP values will be used. |
| 435 be used. </dd> | 449 </dd> |
| 436 | 450 |
| 437 <dt class="field">NameServers</dt> | 451 <dt class="field">NameServers</dt> |
| 438 <dd> | 452 <dd> |
| 439 <span class="field_meta"> | 453 <span class="field_meta"> |
| 440 (optional) | 454 (optional) |
| 441 <span class="type">array of string</span> | 455 <span class="type">array of string</span> |
| 442 </span> | 456 </span> |
| 443 Array of addresses to use for name servers. Address format must match that | 457 Array of addresses to use for name servers. Address format must match that |
| 444 specified in the <span class="field">Type</span> field. Overrides values | 458 specified in the <span class="field">Type</span> field. Overrides values |
| 445 in the top level NameServers field for this configuration. If not | 459 in the top level NameServers field for this configuration. If not |
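Review bot: The rule sentence at new lines 409-410 ends at the IPv6 value span with no closing period, unlike the other "Allowed values are" sentences this change adds; add the period before the closing span. In the RoutingPrefix rule at 434-435 the field type is integer but the rule says "a number"; say "an integer" so the rule text and the declared type agree.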
| (...skipping 68 matching lines...) |
| 514 must be of the format 0x<hex-number>, where <hex-number> is | 528 must be of the format 0x<hex-number>, where <hex-number> is |
| 515 40, 104, 128, or 232 bits. | 529 40, 104, 128, or 232 bits. |
| 516 </dd> | 530 </dd> |
| 517 | 531 |
| 518 <dt class="field">Security</dt> | 532 <dt class="field">Security</dt> |
| 519 <dd> | 533 <dd> |
| 520 <span class="field_meta"> | 534 <span class="field_meta"> |
| 521 (required) | 535 (required) |
| 522 <span class="type">string</span> | 536 <span class="type">string</span> |
| 523 </span> | 537 </span> |
| 524 One of <span class="value">None</span>, <span class="value">WEP-PSK</span>
, | 538 <span class="rule"> |
| 525 <span class="value">WEP-8021X</span>, <span class="value">WPA-PSK</span>, | 539 <span class="rule_id"></span> |
| 526 <span class="value">WPA-EAP</span>. | 540 Allowed values are <span class="value">None</span>, |
| 541 <span class="value">WEP-PSK</span>, |
| 542 <span class="value">WEP-8021X</span>, |
| 543 <span class="value">WPA-PSK</span>, and |
| 544 <span class="value">WPA-EAP</span>. |
| 545 </span> |
| 527 </dd> | 546 </dd> |
| 528 | 547 |
| 529 <dt class="field">SSID</dt> | 548 <dt class="field">SSID</dt> |
| 530 <dd> | 549 <dd> |
| 531 <span class="field_meta"> | 550 <span class="field_meta"> |
| 532 (required) | 551 (required) |
| 533 <span class="type">string</span> | 552 <span class="type">string</span> |
| 534 </span> | 553 </span> |
| 535 SSID of the network. | 554 SSID of the network. |
| 536 </dd> | 555 </dd> |
| (...skipping 69 matching lines...) |
| 606 </span> | 625 </span> |
| 607 OpenVPN settings. | 626 OpenVPN settings. |
| 608 </dd> | 627 </dd> |
| 609 | 628 |
| 610 <dt class="field">Type</dt> | 629 <dt class="field">Type</dt> |
| 611 <dd> | 630 <dd> |
| 612 <span class="field_meta"> | 631 <span class="field_meta"> |
| 613 (required) | 632 (required) |
| 614 <span class="type">string</span> | 633 <span class="type">string</span> |
| 615 </span> | 634 </span> |
| 616 Type of the VPN, one of | 635 <span class="rule"> |
| 617 <span class="value">IPsec</span>, <span class="value">L2TP-IPsec</span>, | 636 <span class="rule_id"></span> |
| 618 or <span class="value">OpenVPN</span>. | 637 Allowed values are <span class="value">IPsec</span>, |
| 638 <span class="value">L2TP-IPsec</span>, and |
| 639 <span class="value">OpenVPN</span>. |
| 640 </span> |
| 641 Type of the VPN. |
| 619 </dd> | 642 </dd> |
| 620 </dl> | 643 </dl> |
| 621 | 644 |
| 622 <section> | 645 <section> |
| 623 <h1>IPsec-based VPN types</h1> | 646 <h1>IPsec-based VPN types</h1> |
| 624 <p> | 647 <p> |
| 625 The <span class="type">IPsec</span> type contains the following: | 648 The <span class="type">IPsec</span> type contains the following: |
| 626 </p> | 649 </p> |
| 627 | 650 |
| 628 <dl class="field_list"> | 651 <dl class="field_list"> |
| 629 <dt class="field">AuthenticationType</dt> | 652 <dt class="field">AuthenticationType</dt> |
| 630 <dd> | 653 <dd> |
| 631 <span class="field_meta"> | 654 <span class="field_meta"> |
| 632 (required) | 655 (required) |
| 633 <span class="type">string</span> | 656 <span class="type">string</span> |
| 634 </span> | 657 </span> |
| 635 Either <span class="value">PSK</span> or <span class="value">Cert</span> | 658 <span class="rule"> |
| 659 <span class="rule_id"></span> |
| 660 Allowed values are <span class="value">PSK</span> and |
| 661 <span class="value">Cert</span> |
| 662 </span> |
| 636 </dd> | 663 </dd> |
| 637 | 664 |
| 638 <dt class="field">ClientCertPattern</dt> | 665 <dt class="field">ClientCertPattern</dt> |
| 639 <dd> | 666 <dd> |
| 640 <span class="field_meta"> | 667 <span class="field_meta"> |
| 641 (required if <span class="field">ClientCertType</span> | 668 (required if <span class="field">ClientCertType</span> |
| 642 is <span class="value">Pattern</span>, otherwise ignored) | 669 is <span class="value">Pattern</span>, otherwise ignored) |
| 643 <span class="type">CertificatePattern</span> | 670 <span class="type">CertificatePattern</span> |
| 644 </span> | 671 </span> |
| 645 Pattern describing the client certificate. | 672 Pattern describing the client certificate. |
| 646 </dd> | 673 </dd> |
| 647 | 674 |
| 648 <dt class="field">ClientCertRef</dt> | 675 <dt class="field">ClientCertRef</dt> |
| 649 <dd> | 676 <dd> |
| 650 <span class="field_meta"> | 677 <span class="field_meta"> |
| 651 (required if <span class="field">ClientCertType</span> | 678 (required if <span class="field">ClientCertType</span> |
| 652 is <span class="value">Ref</span>, otherwise ignored) | 679 is <span class="value">Ref</span>, otherwise ignored) |
| 653 <span class="type">string</span> | 680 <span class="type">string</span> |
| 654 </span> | 681 </span> |
| 655 Reference to client certificate stored in certificate section. | 682 Reference to client certificate stored in certificate section. |
| 656 </dd> | 683 </dd> |
| 657 | 684 |
| 658 <dt class="field">ClientCertType</dt> | 685 <dt class="field">ClientCertType</dt> |
| 659 <dd> | 686 <dd> |
| 660 <span class="field_meta"> | 687 <span class="field_meta"> |
| 661 (required if <span class="field">AuthenticationType</span> | 688 (required if <span class="field">AuthenticationType</span> |
| 662 is <span class="value">Cert</span>, otherwise ignored) | 689 is <span class="value">Cert</span>, otherwise ignored) |
| 663 <span class="type">string</span> | 690 <span class="type">string</span> |
| 664 </span> | 691 </span> |
| 665 Either <span class="value">Ref</span> | 692 <span class="rule"> |
| 666 or <span class="value">Pattern</span> | 693 <span class="rule_id"></span> |
| 694 Allowed values are <span class="value">Ref</span> and |
| 695 <span class="value">Pattern</span> |
| 696 </span> |
| 667 </dd> | 697 </dd> |
| 668 | 698 |
| 669 <dt class="field">EAP</dt> | 699 <dt class="field">EAP</dt> |
| 670 <dd> | 700 <dd> |
| 671 <span class="field_meta"> | 701 <span class="field_meta"> |
| 672 (optional if <span class="field">IKEVersion</span> is 2, otherwise | 702 (optional if <span class="field">IKEVersion</span> is 2, otherwise |
| 673 ignored) | 703 ignored) |
| 674 <span class="type">EAP</span> | 704 <span class="type">EAP</span> |
| 675 </span> | 705 </span> |
| 676 Indicating that EAP authentication should be used with the provided | 706 Indicating that EAP authentication should be used with the provided |
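Review bot: The new rule sentences for AuthenticationType (new lines 660-661) and ClientCertType (694-695) have no closing period after Cert and Pattern, while the VPN Type rule at 637-639 in the same region ends with one. The old text was missing them as well, but since these lines are being rewritten as rule text, add the period in both places.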
| (...skipping 179 matching lines...) |
| 856 </li> | 886 </li> |
| 857 <li>The field <span class="field">L2TP</span> must be present.</li> | 887 <li>The field <span class="field">L2TP</span> must be present.</li> |
| 858 </ul> | 888 </ul> |
| 859 </section> | 889 </section> |
| 860 | 890 |
| 861 </section> | 891 </section> |
| 862 | 892 |
| 863 <section> | 893 <section> |
| 864 <h1>OpenVPN connections and types</h1> | 894 <h1>OpenVPN connections and types</h1> |
| 865 <p> | 895 <p> |
| 866 <span class="field">VPN.Type</span> must | 896 <span class="field">VPN.Type</span> must be |
| 867 be <span class="value">OpenVPN</span>. | 897 <span class="value">OpenVPN</span>. |
| 868 </p> | 898 </p> |
| 869 | 899 |
| 870 <p> | 900 <p> |
| 871 <span class="type">OpenVPN</span> type contains the following: | 901 <span class="type">OpenVPN</span> type contains the following: |
| 872 </p> | 902 </p> |
| 873 | 903 |
| 874 <dl class="field_list"> | 904 <dl class="field_list"> |
| 875 <dt class="field">Auth</dt> | 905 <dt class="field">Auth</dt> |
| 876 <dd> | 906 <dd> |
| 877 <span class="field_meta"> | 907 <span class="field_meta"> |
| 878 (optional, defaults to <span class="value">SHA1</span>) | 908 (optional, defaults to <span class="value">SHA1</span>) |
| 879 <span class="type">string</span> | 909 <span class="type">string</span> |
| 880 </span> | 910 </span> |
| 881 </dd> | 911 </dd> |
| 882 | 912 |
| 883 <dt class="field">AuthRetry</dt> | 913 <dt class="field">AuthRetry</dt> |
| 884 <dd> | 914 <dd> |
| 885 <span class="field_meta"> | 915 <span class="field_meta"> |
| 886 (optional, defaults to <span class="value">none</span>) | 916 (optional, defaults to <span class="value">none</span>) |
| 887 <span class="type">string</span> | 917 <span class="type">string</span> |
| 888 </span> | 918 </span> |
| 919 <span class="rule"> |
| 920 <span class="rule_id"></span> |
| 921 Allowed values are <span class="value">none</span>, |
| 922 <span class="value">nointeract</span>, and |
| 923 <span class="value">interact</span>. |
| 924 </span> |
| 889 Controls how OpenVPN responds to username/password verification | 925 Controls how OpenVPN responds to username/password verification |
| 890 errors. Allowed values are <span class="value">none</span> (fail with | 926 errors:<br> Either fail with error on retry |
| 891 error on retry), <span class="value">nointeract</span> (retry without | 927 (<span class="value">none</span>), retry without asking for authentication |
| 892 asking for authentication), and <span class="value">interact</span> (ask | 928 (<span class="value">nointeract</span>), or ask again for authentication |
| 893 again for authentication each time). | 929 each time (<span class="value">interact</span>). |
| 894 </dd> | 930 </dd> |
| 895 | 931 |
| 896 <dt class="field">AuthNoCache</dt> | 932 <dt class="field">AuthNoCache</dt> |
| 897 <dd> | 933 <dd> |
| 898 <span class="field_meta"> | 934 <span class="field_meta"> |
| 899 (optional, defaults to <span class="value">false</span>) | 935 (optional, defaults to <span class="value">false</span>) |
| 900 <span class="type">boolean</span> | 936 <span class="type">boolean</span> |
| 901 </span> | 937 </span> |
| 902 Disable caching of credentials in memory. | 938 Disable caching of credentials in memory. |
| 903 </dd> | 939 </dd> |
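Review bot: The paragraph at new lines 895-898 ("VPN.Type must be OpenVPN") and the list item at 887 ("The field L2TP must be present") are requirements a validator has to check, yet they stay plain text while this change wraps other constraints in class "rule"; mark them as rules too, or state in the change description what qualifies as a rule. In the AuthRetry description at 926, the br element after "errors:" is a presentational line break that no other visible description uses; a plain sentence would read the same.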
| (...skipping 26 matching lines...) |
| 930 </span> | 966 </span> |
| 931 Pattern to use to find the client certificate. | 967 Pattern to use to find the client certificate. |
| 932 </dd> | 968 </dd> |
| 933 | 969 |
| 934 <dt class="field">ClientCertType</dt> | 970 <dt class="field">ClientCertType</dt> |
| 935 <dd> | 971 <dd> |
| 936 <span class="field_meta"> | 972 <span class="field_meta"> |
| 937 (required) | 973 (required) |
| 938 <span class="type">string</span> | 974 <span class="type">string</span> |
| 939 </span> | 975 </span> |
| 940 Either <span class="value">Ref</span>, <span class="value">Pattern</span>, | 976 <span class="rule"> |
| 941 or <span class="value">None</span>. <span class="value">None</span> | 977 <span class="rule_id"></span> |
| 942 implies that the server is configured to not require client certificates. | 978 Allowed values are <span class="value">Ref</span>, |
| 979 <span class="value">Pattern</span>, and <span class="value">None</span>. |
| 980 </span> |
| 981 <span class="value">None</span> implies that the server is configured to |
| 982 not require client certificates. |
| 943 </dd> | 983 </dd> |
| 944 | 984 |
| 945 <dt class="field">CompLZO</dt> | 985 <dt class="field">CompLZO</dt> |
| 946 <dd> | 986 <dd> |
| 947 <span class="field_meta"> | 987 <span class="field_meta"> |
| 948 (optional, defaults to <span class="value">adaptive</span>) | 988 (optional, defaults to <span class="value">adaptive</span>) |
| 949 <span class="type">string</span> | 989 <span class="type">string</span> |
| 950 </span> | 990 </span> |
| 951 Decides to fast LZO compression with <span class="value">true</span> | 991 Decides to fast LZO compression with <span class="value">true</span> |
| 952 and <span class="value">false</span> as other values. | 992 and <span class="value">false</span> as other values. |
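Review bot: CompLZO at new lines 988-992 still gives its value set in prose (default adaptive, with true and false "as other values"), while ClientCertType directly above it is converted to an "Allowed values are" rule. As far as the visible lines show, CompLZO is an enumeration of the same kind, so convert it the same way to make it checkable; "Decides to fast LZO compression" at 991 also needs rewording.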
| (...skipping 81 matching lines...) |
| 1034 Require the given array of key usage numbers. These are strings that are | 1074 Require the given array of key usage numbers. These are strings that are |
| 1035 hex encoded numbers. | 1075 hex encoded numbers. |
| 1036 </dd> | 1076 </dd> |
| 1037 | 1077 |
| 1038 <dt class="field">RemoteCertTLS</dt> | 1078 <dt class="field">RemoteCertTLS</dt> |
| 1039 <dd> | 1079 <dd> |
| 1040 <span class="field_meta"> | 1080 <span class="field_meta"> |
| 1041 (optional, defaults to <span class="value">server</span>) | 1081 (optional, defaults to <span class="value">server</span>) |
| 1042 <span class="type">string</span> | 1082 <span class="type">string</span> |
| 1043 </span> | 1083 </span> |
| 1044 Require peer certificate signing based on RFC3280 TLS rules. May | 1084 <span class="rule"> |
| 1045 be <span class="value">none</span> or <span class="value">server</span>. | 1085 <span class="rule_id"></span> |
| 1086 Allowed values are <span class="value">none</span> and |
| 1087 <span class="value">server</span>. |
| 1088 </span> |
| 1089 Require peer certificate signing based on RFC3280 TLS rules. |
| 1046 </dd> | 1090 </dd> |
| 1047 | 1091 |
| 1048 <dt class="field">RenegSec</dt> | 1092 <dt class="field">RenegSec</dt> |
| 1049 <dd> | 1093 <dd> |
| 1050 <span class="field_meta"> | 1094 <span class="field_meta"> |
| 1051 (optional, defaults to <span class="value">3600</span>) | 1095 (optional, defaults to <span class="value">3600</span>) |
| 1052 <span class="type">integer</span> | 1096 <span class="type">integer</span> |
| 1053 </span> | 1097 </span> |
| 1054 Renegotiate data channel key after this number of seconds. | 1098 Renegotiate data channel key after this number of seconds. |
| 1055 </dd> | 1099 </dd> |
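Review bot: After the split at new lines 1084-1089, RemoteCertTLS lists none and server as allowed values, but the description at 1089 does not say what either value does. The AuthRetry description maps each value to its behaviour; do the same here, in particular for none, since the default is server and a reader otherwise has to guess which check none switches off.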
| (...skipping 97 matching lines...) |
| 1153 </dl> | 1197 </dl> |
| 1154 </section> | 1198 </section> |
| 1155 | 1199 |
| 1156 </section> | 1200 </section> |
| 1157 | 1201 |
| 1158 <section> | 1202 <section> |
| 1159 <h1>Client certificate patterns</h1> | 1203 <h1>Client certificate patterns</h1> |
| 1160 <p> | 1204 <p> |
| 1161 In order to allow clients to securely key their private keys and request | 1205 In order to allow clients to securely key their private keys and request |
| 1162 certificates through PKCS#10 format or through a web flow, we provide | 1206 certificates through PKCS#10 format or through a web flow, we provide |
| 1163 alternative CertificatePattern | 1207 alternative CertificatePattern types. The |
| 1164 types. The <span class="type">CertificatePattern</span> type contains the | 1208 <span class="type">CertificatePattern</span> type contains the following: |
| 1165 following: | |
| 1166 </p> | 1209 </p> |
| 1167 | 1210 |
| 1168 <dl class="field_list"> | 1211 <dl class="field_list"> |
| 1169 <dt class="field">IssuerCARef</dt> | 1212 <dt class="field">IssuerCARef</dt> |
| 1170 <dd> | 1213 <dd> |
| 1171 <span class="field_meta"> | 1214 <span class="field_meta"> |
| 1172 (optional) | 1215 (optional) |
| 1173 <span class="type">array of string</span> | 1216 <span class="type">array of string</span> |
| 1174 </span> | 1217 </span> |
| 1175 Array of references to certificates. At least one must have signed the | 1218 Array of references to certificates. At least one must have signed the |
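Review bot: The only change at new lines 1207-1208 is a re-wrap of the paragraph, which adds noise to a change that is otherwise about rule markup. If the paragraph is touched anyway, "securely key their private keys" at 1205 looks like a typo and should be corrected in the same edit.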
| (...skipping 78 matching lines...) |
| 1254 <dd> | 1297 <dd> |
| 1255 <span class="field_meta"> | 1298 <span class="field_meta"> |
| 1256 (optional) | 1299 (optional) |
| 1257 <span class="type">string</span> | 1300 <span class="type">string</span> |
| 1258 </span> | 1301 </span> |
| 1259 At least one of certificate subject's organizational units must match this | 1302 At least one of certificate subject's organizational units must match this |
| 1260 string if present. | 1303 string if present. |
| 1261 </dd> | 1304 </dd> |
| 1262 </dl> | 1305 </dl> |
| 1263 | 1306 |
| 1264 <p> | 1307 <p class="rule"> |
| 1265 One field | 1308 <span class="rule_id"></span> |
| 1266 in <span class="field">Subject</span>, <span class="field">Issuer</span>, | 1309 One field in <span class="field">Subject</span>, |
| 1267 or <span class="field">IssuerCARef</span> must be given for a | 1310 <span class="field">Issuer</span>, or <span class="field">IssuerCARef</span> |
| 1268 <span class="type">CertificatePattern</span> typed field to be valid. For a | 1311 must be given for a <span class="type">CertificatePattern</span> typed field |
| 1269 certificate to be considered matching, it must match all the fields in the | 1312 to be valid. |
| 1270 certificate pattern. If multiple certificates match, the certificate with | |
| 1271 the latest issue date that is still in the past, and hence valid, will be | |
| 1272 used. | |
| 1273 </p> | 1313 </p> |
| 1274 | 1314 |
| 1275 <p> | 1315 <p> |
| 1316 For a certificate to be considered matching, it must match all |
| 1317 the fields in the certificate pattern. If multiple certificates match, the |
| 1318 certificate with the latest issue date that is still in the past, and hence |
| 1319 valid, will be used. |
| 1320 </p> |
| 1321 |
| 1322 <p> |
| 1276 If <span class="field">EnrollmentURI</span> is not given and no match is | 1323 If <span class="field">EnrollmentURI</span> is not given and no match is |
| 1277 found to this pattern, the importing tool may show an error to the user. | 1324 found to this pattern, the importing tool may show an error to the user. |
| 1278 </p> | 1325 </p> |
| 1279 </section> | 1326 </section> |
| 1280 | 1327 |
| 1281 <section> | 1328 <section> |
| 1282 <h1>Proxy settings</h1> | 1329 <h1>Proxy settings</h1> |
| 1283 <p> | 1330 <p> |
| 1284 Every network can be configured to use a | 1331 Every network can be configured to use a |
| 1285 proxy. The <span class="type">ProxySettings</span> type contains the | 1332 proxy. The <span class="type">ProxySettings</span> type contains the |
| 1286 following: | 1333 following: |
| 1287 </p> | 1334 </p> |
| 1288 | 1335 |
| 1289 <dl class="field_list"> | 1336 <dl class="field_list"> |
| 1290 <dt class="field">Type</dt> | 1337 <dt class="field">Type</dt> |
| 1291 <dd> | 1338 <dd> |
| 1292 <span class="field_meta"> | 1339 <span class="field_meta"> |
| 1293 (required) | 1340 (required) |
| 1294 <span class="type">string</span> | 1341 <span class="type">string</span> |
| 1295 </span> | 1342 </span> |
| 1296 One | 1343 <span class="rule"> |
| 1297 of <span class="value">Direct</span>, <span class="value">Manual</span>, | 1344 <span class="rule_id"></span> |
| 1298 <span class="value">PAC</span>, or <span class="value">WPAD</span>. | 1345 Allowed values are <span class="value">Direct</span>, |
| 1346 <span class="value">Manual</span>, <span class="value">PAC</span>, and |
| 1347 <span class="value">WPAD</span>. |
| 1348 </span> |
| 1299 <span class="value">PAC</span> indicates Proxy Auto-Configuration. | 1349 <span class="value">PAC</span> indicates Proxy Auto-Configuration. |
| 1300 <span class="value">WPAD</span> indicates Web Proxy Autodiscovery. | 1350 <span class="value">WPAD</span> indicates Web Proxy Autodiscovery. |
| 1301 </dd> | 1351 </dd> |
| 1302 | 1352 |
| 1303 <dt class="field">Manual</dt> | 1353 <dt class="field">Manual</dt> |
| 1304 <dd> | 1354 <dd> |
| 1305 <span class="field_meta"> | 1355 <span class="field_meta"> |
| 1306 (required if <span class="field">Type</span> | 1356 (required if <span class="field">Type</span> |
| 1307 is <span class="value">Manual</span>, otherwise ignored) | 1357 is <span class="value">Manual</span>, otherwise ignored) |
| 1308 <span class="type">ManualProxySettings</span> | 1358 <span class="type">ManualProxySettings</span> |
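Review bot: The new rule at 1309-1312 says "One field in Subject, Issuer, or IssuerCARef must be given", which can be read as exactly one or as at least one; now that it is a numbered rule, say which. The matching paragraph split out at 1316-1319 is also behaviour the importing tool has to implement but is left outside class "rule", and its wording treats an issue date in the past as "hence valid" without mentioning expiry; consider making it a rule and stating the validity condition explicitly.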
| (...skipping 131 matching lines...) |
| 1440 <span class="type">string</span> | 1490 <span class="type">string</span> |
| 1441 </span> | 1491 </span> |
| 1442 Reference to client certificate stored in certificate section. | 1492 Reference to client certificate stored in certificate section. |
| 1443 </dd> | 1493 </dd> |
| 1444 | 1494 |
| 1445 <dt class="field">ClientCertType</dt> | 1495 <dt class="field">ClientCertType</dt> |
| 1446 <dd> | 1496 <dd> |
| 1447 <span class="field_meta"> | 1497 <span class="field_meta"> |
| 1448 (optional) <span class="type">string</span> | 1498 (optional) <span class="type">string</span> |
| 1449 </span> | 1499 </span> |
| 1450 Must be either <span class="value">Ref</span> | 1500 <span class="rule"> |
| 1451 or <span class="value">Pattern</span>. | 1501 <span class="rule_id"></span> |
| 1502 Allowed values are <span class="value">Ref</span>, and |
| 1503 <span class="value">Pattern</span>. |
| 1504 </span> |
| 1452 </dd> | 1505 </dd> |
| 1453 | 1506 |
| 1454 <dt class="field">Identity</dt> | 1507 <dt class="field">Identity</dt> |
| 1455 <dd> | 1508 <dd> |
| 1456 <span class="field_meta"> | 1509 <span class="field_meta"> |
| 1457 (optional) | 1510 (optional) |
| 1458 <span class="type">string</span> | 1511 <span class="type">string</span> |
| 1459 </span> | 1512 </span> |
| 1460 Identity of user. For tunneling outer protocols | 1513 Identity of user. For tunneling outer protocols |
| 1461 (<span class="value">PEAP</span>, <span class="value">EAP-TTLS</span>, and | 1514 (<span class="value">PEAP</span>, <span class="value">EAP-TTLS</span>, and |
| 1462 <span class="value">EAP-FAST</span>), this is used to authenticate inside | 1515 <span class="value">EAP-FAST</span>), this is used to authenticate inside |
| 1463 the tunnel, and <span class="field">AnonymousIdentity</span> is used for | 1516 the tunnel, and <span class="field">AnonymousIdentity</span> is used for |
| 1464 the EAP identity outside the tunnel. For non-tunneling outer protocols, | 1517 the EAP identity outside the tunnel. For non-tunneling outer protocols, |
| 1465 this is used for the EAP identity. This value is subject to string | 1518 this is used for the EAP identity. This value is subject to string |
| 1466 expansions. | 1519 expansions. |
| 1467 </dd> | 1520 </dd> |
| 1468 | 1521 |
| 1469 <dt class="field">Inner</dt> | 1522 <dt class="field">Inner</dt> |
| 1470 <dd> | 1523 <dd> |
| 1471 <span class="field_meta"> | 1524 <span class="field_meta"> |
| 1472 (optional if <span class="field">Outer</span> is | 1525 (optional if <span class="field">Outer</span> is |
| 1473 <span class="value">EAP-FAST</span>, <span class="value">EAP-TTLS</span> | 1526 <span class="value">EAP-FAST</span>, <span class="value">EAP-TTLS</span> |
| 1474 or <span class="value">PEAP</span>, otherwise ignored, defaults to | 1527 or <span class="value">PEAP</span>, otherwise ignored, defaults to |
| 1475 <span class="value">Automatic</span>) | 1528 <span class="value">Automatic</span>) |
| 1476 <span class="type">string</span> | 1529 <span class="type">string</span> |
| 1477 </span> | 1530 </span> |
| 1478 Must be one of <span class="value">Automatic</span>, | 1531 <span class="rule"> |
| 1479 <span class="value">MD5</span>, <span class="value">MSCHAPv2</span>, | 1532 <span class="rule_id"></span> |
| 1480 <span class="value">EAP-MSCHAPv2</span>, <span class="value">PAP</span>. | 1533 Allowed values are <span class="value">Automatic</span>, |
| 1534 <span class="value">MD5</span>, <span class="value">MSCHAPv2</span>, |
| 1535 <span class="value">EAP-MSCHAPv2</span>, and |
| 1536 <span class="value">PAP</span>. |
| 1537 </span> |
| 1481 For tunneling outer protocols. | 1538 For tunneling outer protocols. |
| 1482 </dd> | 1539 </dd> |
| 1483 | 1540 |
| 1484 <dt class="field">Outer</dt> | 1541 <dt class="field">Outer</dt> |
| 1485 <dd> | 1542 <dd> |
| 1486 <span class="field_meta"> | 1543 <span class="field_meta"> |
| 1487 (required) | 1544 (required) |
| 1488 <span class="type">string</span> | 1545 <span class="type">string</span> |
| 1489 </span> | 1546 </span> |
| 1490 Must be one of <span class="value">LEAP</span>, | 1547 <span class="rule"> |
| 1491 <span class="value">EAP-AKA</span>, <span class="value">EAP-FAST</span>, | 1548 <span class="rule_id"></span> |
| 1492 <span class="value">EAP-TLS</span>, <span class="value">EAP-TTLS</span>, | 1549 Allowed values are <span class="value">LEAP</span>, |
| 1493 <span class="value">EAP-SIM</span> or <span class="value">PEAP</span>. | 1550 <span class="value">EAP-AKA</span>, <span class="value">EAP-FAST</span>, |
| 1551 <span class="value">EAP-TLS</span>, <span class="value">EAP-TTLS</span>, |
| 1552 <span class="value">EAP-SIM</span> and <span class="value">PEAP</span>. |
| 1553 </span> |
| 1494 </dd> | 1554 </dd> |
| 1495 | 1555 |
| 1496 <dt class="field">Password</dt> | 1556 <dt class="field">Password</dt> |
| 1497 <dd> | 1557 <dd> |
| 1498 <span class="field_meta"> | 1558 <span class="field_meta"> |
| 1499 (optional) | 1559 (optional) |
| 1500 <span class="type">string</span> | 1560 <span class="type">string</span> |
| 1501 </span> | 1561 </span> |
| 1502 Password of user. If not specified, defaults to prompting the user. | 1562 Password of user. If not specified, defaults to prompting the user. |
| 1503 </dd> | 1563 </dd> |
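Review bot: The ClientCertType rule at new lines 1502-1503 reads "Allowed values are Ref, and Pattern."; with only two values the comma before "and" should be dropped. The lists in this hunk are also punctuated differently: Inner uses a serial comma ("EAP-MSCHAPv2, and PAP") while Outer does not ("EAP-SIM and PEAP"), so pick one form. In the Inner entry, the fragment "For tunneling outer protocols." at new line 1538 now sits outside the rule span and reads as an orphan after it. Either fold it into the rule or remove it, since the field_meta above already says the field is ignored unless Outer is EAP-FAST, EAP-TTLS or PEAP.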
| (...skipping 124 matching lines...) |
| 1628 set to <span class="snippet">["Web"]</span>. | 1688 set to <span class="snippet">["Web"]</span>. |
| 1629 </dd> | 1689 </dd> |
| 1630 | 1690 |
| 1631 <dt class="field">Type</dt> | 1691 <dt class="field">Type</dt> |
| 1632 <dd> | 1692 <dd> |
| 1633 <span class="field_meta"> | 1693 <span class="field_meta"> |
| 1634 (required if <span class="field">Remove</span> is | 1694 (required if <span class="field">Remove</span> is |
| 1635 <span class="value">false</span>, otherwise ignored) | 1695 <span class="value">false</span>, otherwise ignored) |
| 1636 <span class="type">string</span> | 1696 <span class="type">string</span> |
| 1637 </span> | 1697 </span> |
| 1638 One | 1698 <span class="rule"> |
| 1639 of <span class="value">Client</span>, <span class="value">Server</span>, | 1699 <span class="rule_id"></span> |
| 1640 or <span class="value">Authority</span>. <span class="value">Client</span> | 1700 Allowed values are <span class="value">Client</span>, |
| 1641 indicates the certificate is for identifying the user or device over HTTPS | 1701 <span class="value">Server</span>, and |
| 1642 or for VPN/802.1X. <span class="value">Server</span> indicates the | 1702 <span class="value">Authority</span>. |
| 1643 certificate identifies an HTTPS or VPN/802.1X | 1703 </span> |
| 1644 peer. <span class="value">Authority</span> indicates the certificate is a | 1704 <span class="value">Client</span> indicates the certificate is for |
| 1705 identifying the user or device over HTTPS or for |
| 1706 VPN/802.1X. <span class="value">Server</span> indicates the certificate |
| 1707 identifies an HTTPS or VPN/802.1X peer. |
| 1708 <span class="value">Authority</span> indicates the certificate is a |
| 1645 certificate authority and any certificates it issues should be | 1709 certificate authority and any certificates it issues should be |
| 1646 trusted. Note that if <span class="field">Type</span> disagrees with the | 1710 trusted. Note that if <span class="field">Type</span> disagrees with the |
| 1647 x509 v3 basic constraints or key usage attributes, | 1711 x509 v3 basic constraints or key usage attributes, the |
| 1648 the <span class="field">Type</span> field should be honored. | 1712 <span class="field">Type</span> field should be honored. |
| 1649 </dd> | 1713 </dd> |
| 1650 | 1714 |
| 1651 <dt class="field">X509</dt> | 1715 <dt class="field">X509</dt> |
| 1652 <dd> | 1716 <dd> |
| 1653 <span class="field_meta"> | 1717 <span class="field_meta"> |
| 1654 (required if <span class="field">Type</span> is | 1718 (required if <span class="field">Type</span> is |
| 1655 <span class="value">Server</span> or | 1719 <span class="value">Server</span> or |
| 1656 <span class="value">Authority</span>, otherwise ignored) | 1720 <span class="value">Authority</span>, otherwise ignored) |
| 1657 <span class="type">string</span> | 1721 <span class="type">string</span> |
| 1658 </span> For certificate | 1722 </span> For certificate |
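Review bot: Only the value list is wrapped in the rule span (new lines 1698-1703); the sentence at new lines 1710-1712, that the Type field should be honored when it disagrees with the x509 v3 basic constraints or key usage attributes, is left as plain prose. That sentence decides whether a certificate ends up treated as a trusted authority, so it is the requirement an implementer most needs to be able to cite and test. Suggest giving it its own rule span with a rule_id, and settling whether "should" is meant as "must".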
| (...skipping 123 matching lines...) |
| 1782 <dd> | 1846 <dd> |
| 1783 <span class="field_meta"> | 1847 <span class="field_meta"> |
| 1784 (required) | 1848 (required) |
| 1785 <span class="type">string</span> | 1849 <span class="type">string</span> |
| 1786 </span> | 1850 </span> |
| 1787 The type of the ONC file, which must be set | 1851 The type of the ONC file, which must be set |
| 1788 to <span class="value">EncryptedConfiguration</span>. | 1852 to <span class="value">EncryptedConfiguration</span>. |
| 1789 </dd> | 1853 </dd> |
| 1790 </dl> | 1854 </dl> |
| 1791 | 1855 |
| 1792 <p> | 1856 <p class="rule"> |
| 1857 <span class="rule_id"></span> |
| 1793 When decrypted, the ciphertext must contain a JSON object of | 1858 When decrypted, the ciphertext must contain a JSON object of |
| 1794 type <span class="type">UnencryptedConfiguration</span>. | 1859 type <span class="type">UnencryptedConfiguration</span>. |
| 1795 </p> | 1860 </p> |
| 1796 </section> | 1861 </section> |
| 1797 | 1862 |
| 1798 <section> | 1863 <section> |
| 1799 <h1>String Expansions</h1> | 1864 <h1>String Expansions</h1> |
| 1800 <p> | 1865 <p> |
| 1801 The values of some fields, such | 1866 The values of some fields, such |
| 1802 as <span class="field">WiFi.EAP.Identity</span> | 1867 as <span class="field">WiFi.EAP.Identity</span> |
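Review bot: The decrypted-content requirement becomes a numbered rule at new lines 1856-1860, but the Type description just above it (new lines 1851-1852, "must be set to EncryptedConfiguration") is equally normative and stays untagged. Suggest wrapping that sentence in a rule span with a rule_id, as the enumerated fields earlier in the patch do, so both checks on an encrypted file can be cited. The new rule also does not say what a consumer does when the decrypted content is not an UnencryptedConfiguration object; a short clause on rejecting the file would close that gap.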
| (...skipping 278 matching lines...) |
| 2081 is transmitted or saved to disk should be secure. On client device, when | 2146 is transmitted or saved to disk should be secure. On client device, when |
| 2082 user names for connections that are user-specific are persisted to disk, | 2147 user names for connections that are user-specific are persisted to disk, |
| 2083 they should be stored in a location that is encrypted. Users can also opt in | 2148 they should be stored in a location that is encrypted. Users can also opt in |
| 2084 these cases to not save their user credentials in the config file and will | 2149 these cases to not save their user credentials in the config file and will |
| 2085 instead be prompted when they are needed. | 2150 instead be prompted when they are needed. |
| 2086 </p> | 2151 </p> |
| 2087 </section> | 2152 </section> |
| 2088 </section> | 2153 </section> |
| 2089 </body> | 2154 </body> |
| 2090 </html> | 2155 </html> |