Hi

On Fri, Aug 14, 2020 at 3:06 PM Vladislav Grishenko
<themi...@yandex-team.ru> wrote:
>
> Hi,
>
> Yes, killing a client with cn ending in * will also lead to killing all the
> clients whose cn starts with that prefix.
> Using another char would be non-intuitive (ex. +).
> What about an optional "prefix" mode word for explicit mode (can also be
> enhanced one day with suffix/regexp/etc)?
>
>         kill cn [mode]: Kill the client instance(s) having common name cn.

That sounds good to me -- avoids the use of any special character.

Also, updating the "help" command of management interface was missed
in the previous version of the patch.

Selva

>
> --
> Best Regards, Vladislav Grishenko
>
> -----Original Message-----
> From: Selva Nair <selva.n...@gmail.com>
> Sent: Friday, August 14, 2020 11:22 PM
> To: openvpn-devel <openvpn-devel@lists.sourceforge.net>
> Subject: Re: [Openvpn-devel] [PATCH v2] Allow management to kill client
> instances by CN wildcard
>
> Hi
>
> On Fri, Aug 14, 2020 at 1:36 PM Arne Schwabe <a...@rfc2549.org> wrote:
> >
> > On 14.08.20 at 19:12, Vladislav Grishenko wrote:
> > > In case of some permanent part of common name (ex. domain) and/or
> > > long complex common name consisting of multiple x509 fields, it's
> > > handy to kill client instances via management interface with just
> > > prefix of common name, not by exact match only.
> > >
> > > Patch allows to use asterisk as wildcard placeholder in the last
> > > trailing symbol of kill command parameter.
> > > Single asterisk - empty prefix would be too greedy and can be too
> > > harmful, therefore not allowed. Wildcards in the middle of parameter
> > > string are not supported to keep the things simple at the moment.
> > >
> > > v2: fine tune comments
> > >
> >
> > Thanks for v2,
> >
> > Acked-By: Arne Schwabe <a...@rfc2549.org>
>
> '*' is an allowed character in x509 common name unless we explicitly forbid
> it. So killing a client with name ending in * would get tricky if not
> impossible without side effects.
>
> Selva
>
>
> _______________________________________________
> Openvpn-devel mailing list
> Openvpn-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openvpn-devel
>
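The ambiguity discussed in this thread, as an added example that is not part of the patch or of OpenVPN's code: it compares the trailing-asterisk rule from the patch description with the proposed explicit "prefix" mode word. The function names, the `kill_mode` enum and the client list are hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical mode selector; "prefix" is the mode word proposed in the thread. */
enum kill_mode { KILL_EXACT, KILL_PREFIX };

/* Trailing-asterisk rule from the patch description: a final '*' means
 * "prefix match"; a lone "*" (empty prefix) is refused in this sketch. */
static bool cn_match_star(const char *cn, const char *arg)
{
    size_t n = strlen(arg);
    if (n > 0 && arg[n - 1] == '*')
        return n > 1 && strncmp(cn, arg, n - 1) == 0;
    return strcmp(cn, arg) == 0;
}

/* Explicit-mode rule: '*' is always an ordinary CN character. */
static bool cn_match_mode(const char *cn, const char *arg, enum kill_mode mode)
{
    size_t n = strlen(arg);
    if (mode == KILL_PREFIX)
        return n > 0 && strncmp(cn, arg, n) == 0; /* empty prefix refused */
    return strcmp(cn, arg) == 0;
}

/* Constructed sample: connected clients, one with a literal '*' in its CN. */
static const char *const clients[] = {
    "vpn*", "vpn-gw1.example.com", "vpn-gw2.example.com", "laptop.example.com",
};
#define NCLIENTS (sizeof(clients) / sizeof(clients[0]))

/* Number of clients a kill would hit; mode < 0 selects the asterisk rule. */
static int kill_count(const char *arg, int mode)
{
    int hits = 0;
    for (size_t i = 0; i < NCLIENTS; i++)
        hits += mode < 0 ? cn_match_star(clients[i], arg)
                         : cn_match_mode(clients[i], arg, (enum kill_mode)mode);
    return hits;
}

int main(void)
{
    printf("asterisk rule, kill vpn*    : %d\n", kill_count("vpn*", -1));
    printf("explicit, kill vpn*         : %d\n", kill_count("vpn*", KILL_EXACT));
    printf("explicit, kill vpn (prefix) : %d\n", kill_count("vpn", KILL_PREFIX));
    return 0;
}
```

Under the asterisk rule there is no argument that selects only the client whose CN is literally `vpn*`; with the explicit mode word the exact and prefix cases stay distinct.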

