From 4cc1b78ff38cf246525d2f5ec8d66cf6e19a4840 Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk <puiterwijk@redhat.com>
Date: Sun, 14 May 2017 20:57:30 +0000
Subject: [PATCH] Check the certificate key usage

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
---
 roles/openvpn/client/files/client.conf | 1 +
 roles/openvpn/server/files/server.conf | 1 +
 2 files changed, 2 insertions(+)

diff --git a/roles/openvpn/client/files/client.conf b/roles/openvpn/client/files/client.conf
index e807bdc7d9..5042ed6e25 100644
--- a/roles/openvpn/client/files/client.conf
+++ b/roles/openvpn/client/files/client.conf
@@ -22,6 +22,7 @@ auth SHA512
 ca ca.crt
 cert client.crt
 key client.key
+remote-cert-tls server
 
 comp-lzo
 
diff --git a/roles/openvpn/server/files/server.conf b/roles/openvpn/server/files/server.conf
index e5cdd45180..add4425363 100644
--- a/roles/openvpn/server/files/server.conf
+++ b/roles/openvpn/server/files/server.conf
@@ -16,6 +16,7 @@ cipher AES-256-CBC
 auth SHA512
 dh dh2048.pem
 crl-verify crl.pem
+remote-cert-tls client
 
 keepalive 10 120