Correct documentation for --ns-cert-type

Our documentation claimed this option was removed.
But it was not, for compatiblity reasons. So reflect
the correct status.

Change-Id: I1d1851eaebe8bf66c92dac3c8c10f68b1ec3ef33
Signed-off-by: Frank Lichtenheld <[email protected]>
Acked-by: Gert Doering <[email protected]>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1428
Message-Id: <[email protected]>
URL: https://www.mail-archive.com/[email protected]/msg34984.html
Signed-off-by: Gert Doering <[email protected]>

Author: flichtenheld

doc/man-sections/tls-options.rst

@@ -222,6 +222,17 @@ certificates and keys: https://github.com/OpenVPN/easy-rsa
   ``--cert file`` above). URI is supported only when built with OpenSSL 3.0
   or later and any required providers are loaded. (See ``--cert`` for more details).
 
+--ns-cert-type type
+  **DEPRECATED** The ``--remote-cert-tls`` option should be used instead.
+  The option is still available since it can't be silently ignored and needs
+  updates to certificates and configs on both sides of the connection.
+  However it should not be used for new clients or servers. It depends on the
+  deprecated ``nsCertType`` certificate field.
+
+  Might not work depending on the TLS library used.
+
+  Will be removed in a future release.
+
 --pkcs12 file
   Specify a PKCS #12 file containing local private key, local certificate,
   and root CA certificate. This option can be used instead of ``--ca``,

doc/man-sections/unsupported-options.rst

@@ -44,12 +44,6 @@ longer supported
   VPN tunnel security.  Previously we claimed to have removed this in
   OpenVPN 2.5, but this wasn't actually the case.
 
---ns-cert-type
-  Removed in OpenVPN 2.5.  The ``nsCertType`` field is no longer supported
-  in recent SSL/TLS libraries.  If your certificates does not include *key
-  usage* and *extended key usage* fields, they must be upgraded and the
-  ``--remote-cert-tls`` option should be used instead.
-
 --prng
   Removed in OpenVPN 2.6.  We now always use the PRNG of the SSL library.