On 18/02/10 18:58, Karl O. Pinc wrote:
> 
> Hi,
> 
> Re: [PATCH] Change verify-cn so cn is no longer hardcoded in openvpn's config file
> 
> This patch should be easy to process.
> A resubmission of the patch sent to this list on 04/23/2009.
> 
> The patch changes the verify-cn script sample
> to be used with --tls-verify so that instead of having
> to hardcode a cn to verify in the OpenVPN configuration file
> the allowed cns may be written into a separate file.
> 
> This makes the process of verifying cns a whole
> lot more dynamic, to the point where it is useful
> in the real world.
> 
> One problem with this patch is that it is backwards
> incompatible.  I did not bother keeping the original
> calling interface as A) it's a sample script, and B) the
> original's functionality seems useless
> and equivalent functionality is easily available
> with the new script.
> 
> The problem with the original is that there seems
> little point in verifying a client's cn when all
> the clients share one cn, as would have to be
> the case when the cn is hardcoded into the openvpn
> config file.
> 
> This patch applies against the testing allmiscs branch,
> and should apply against any of the other testing
> branches as well.
> 
> It works for me.  I've tested it thoroughly but not
> used it extensively in production.
> 
> Regards,
> 
> Karl <k...@meme.com>

I forgot to mention this is pulled in.  This is applied to the bugfix2.1
branch and merged into the allmerged branch.

commit 22b055eb0888cefa86e0a6d4a34da6066873be45


kind regards,

David Sommerseth

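The allow-list check described in the quoted message, sketched as an added shell example; it is not the verify-cn script from the patch and not code from either message. The file paths, the function names, the one-CN-per-line file format, and the choices to pass certificates at depth greater than 0 and to reject subjects carrying more than one CN are all assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not the verify-cn script from the patch.
# Assumed config line (both paths hypothetical):
#   tls-verify "/etc/openvpn/verify-cn.sh /etc/openvpn/allowed-cns"
# OpenVPN appends <certificate_depth> <X509 subject>; exit 0 accepts, 1 rejects.

# Print every CN value in a subject written either as "/C=US/O=x/CN=name"
# or as "C=US, O=x, CN=name", one per line.
extract_cn() {
    printf '%s\n' "$1" | tr '/,' '\n\n' | sed -n 's/^ *CN=//p'
}

# verify_cn <cnfile> <depth> <subject>; cnfile holds one allowed CN per line.
verify_cn() {
    cnfile=$1 depth=$2 subject=$3
    case $depth in
        0) ;;                        # the peer's own certificate: check it
        ''|*[!0-9]*) return 1 ;;     # malformed depth: fail closed
        *) return 0 ;;               # CA certificates: left to OpenVPN's chain validation
    esac
    [ -r "$cnfile" ] || return 1     # unreadable allow-list: fail closed
    cn=$(extract_cn "$subject")
    [ -n "$cn" ] || return 1         # no CN field in the subject
    [ "$(printf '%s\n' "$cn" | wc -l)" -eq 1 ] || return 1   # several CNs: ambiguous
    # -F: literal match, not a regex; -x: whole line, so "alice" does not admit "alice2".
    grep -Fxq -- "$cn" "$cnfile"
}

# Run as the hook when called with arguments; do nothing when sourced.
[ "$#" -eq 0 ] || { verify_cn "$@"; exit $?; }
```

Because the allow-list is read on every connection attempt, adding or removing a CN takes effect without touching the OpenVPN configuration file.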