[Openvpn-devel] client-cert-not-required == client-cert-do-not-check

2007-01-04 Thread Faidon Liambotis
Hello again, While fiddling with the OpenVPN code for the patch -look at my other mail- I noticed the following: When a server specifies client-cert-not-required and the client passes a certificate, the server does not check this certificate for validity, i.e. no trust verification (signed by the C

Re: [Openvpn-devel] [PATCH v2] Use CryptoAPI to verify certificates

2007-01-04 Thread Faidon Liambotis
Alon Bar-Lev wrote:
> If you integrate into Microsoft trust providers, you should also
> support CTL and such. So that the Domain/Computer policy will be
> applied to OpenVPN.
After a bit of googling, I can now *guess* what you mean. I'm no Microsoft expert or developer -and I don't want to be, to

Re: [Openvpn-devel] OpenVPN Status Log

2007-01-04 Thread Tony
On Fri, 05 Jan 2007 00:38:44 +0300, Alexander Littell wrote:
> Thanks for the input, Tony. I'm sure that solution scales very well. ;-)
I'm puzzled... Was that an irony or am I misled by English vs Russian language differences? Tony.

Re: [Openvpn-devel] OpenVPN Status Log

2007-01-04 Thread Alexander Littell
Thanks for the input, Tony. I'm sure that solution scales very well. ;-) Original Message Follows From: Tony To: openvpn-devel@lists.sourceforge.net Subject: Re: [Openvpn-devel] OpenVPN Status Log List-Post: openvpn-devel@lists.sourceforge.net Date: Thu, 04 Jan 2007 12:40:35 +0300 On W

Re: [Openvpn-devel] OpenVPN Status Log

2007-01-04 Thread Charles Duffy
Alexander Littell wrote: How difficult would it be to program the openvpn-status.log to show usernames instead of common names? Or maybe both. Any thoughts on how to do this? I could be wrong, but I would guess that most OpenVPN administrators are using username/password pairs instead of ce

Re: [Openvpn-devel] [PATCH v2] Use CryptoAPI to verify certificates

2007-01-04 Thread Alon Bar-Lev
On 1/4/07, Faidon Liambotis wrote:
Hi, Thank you for your comments.
Alon Bar-Lev wrote:
> On 1/3/07, Faidon Liambotis wrote:
>> Ok, here's another try, even though I didn't get any comments on the
>> first one :-)
>>
>> This is a totally different approach; the previous one was flawed in at
>>

Re: [Openvpn-devel] [PATCH v2] Use CryptoAPI to verify certificates

2007-01-04 Thread Faidon Liambotis
Hi, Thank you for your comments.
Alon Bar-Lev wrote:
> On 1/3/07, Faidon Liambotis wrote:
>> Ok, here's another try, even though I didn't get any comments on the
>> first one :-)
>>
>> This is a totally different approach; the previous one was flawed in at
>> least two aspects:
>
> This is bette

Re: [Openvpn-devel] OpenVPN Status Log

2007-01-04 Thread Tony
On Wed, 03 Jan 2007 16:29:20 +0300, Alexander Littell wrote:
> I would guess that most OpenVPN administrators are using username/password pairs instead of certificates to authenticate their clients. Well, I do anyway.
Not me! I use hardware-tokens-based (PKCS#11) authentication. Tony.