On 07/08/2011 08:56 AM, Adriaan de Jong wrote:
-----Original Message-----
From: Markus Kötter [mailto:koet...@rrzn-hiwi.uni-hannover.de]
Remaining question is why does openvpn even try to retrieve values from
upper cert layers - they'll be overwritten anyway.
The information is provided to scripts and plugins in environment variables, so
that additional verification can be performed there.
Maybe we got a misunderstanding:
Question is what would be wrong with:
if( !cert_depth && verify_get_username(..) )
err();
Markus
