On 14/12/15 00:29, Steffan Karger wrote: > No, verify-x509-name does not do anything with Subject alt names. It > validates the peer certificate subject (or a specific part of the > subject, if you use the 'name' or 'name-prefix' types). I think the man > page explains this quite accurately: My mistake - our server cert actually has the name I intend to use as the primary name - and the actual "real" server names as Subject Alt names. I sort of just assumed they were all treated as one "array" - like what happens in browsers
In any case - excellent - I can work with this :-) -- Cheers Jason Haar Corporate Information Security Manager, Trimble Navigation Ltd. Phone: +1 408 481 8171 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 ------------------------------------------------------------------------------ _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
