Re: [Openvpn-devel] Script interface to trigger events depending on the validity of a certificate

2009-11-11 Thread Karl O. Pinc
On 11/11/2009 06:26:04 AM, David Sommerseth wrote: > On 11/11/09 12:06, Mathieu GIANNECCHINI wrote: > > Victor Wagner wrote: > >> But if the entire certificate would be available, it would be possible to > >> extract any information from it (or

[Openvpn-devel] Questions related to the SSL renegotiation vulnerability

2009-11-11 Thread Dunc
Hi all, Apologies in advance if I'm just not understanding something here. Following on from the recent SSL renegotiation problem, we're assessing what we should do with all our SSL services, and as we use OpenVPN in several places, this is on the list. I thought that OpenVPN does renegotiations

Re: [Openvpn-devel] Script interface to trigger events depending on the validity of a certificate

2009-11-11 Thread David Sommerseth
On 11/11/09 13:54, Victor Wagner wrote: > On 2009.11.11 at 13:00:05 +0100, David Sommerseth wrote: >> Good point! I was not aware of the Apache/mod_ssl way of doing it. My >> only concern about that is if it would be possible to exhaust the mem

Re: [Openvpn-devel] Script interface to trigger events depending on the validity of a certificate

2009-11-11 Thread Till Maas
On Wed, Nov 11, 2009 at 12:20:31PM +0100, Jonathan Petersson wrote: > As it's doing this you can trigger a client-connect script to retrieve > the "Validity Not After" data from the client-cert (if you have a > local copy on the server) if the time-frame is out of realms trigger > sendmail or pref

Re: [Openvpn-devel] Script interface to trigger events depending on the validity of a certificate

2009-11-11 Thread Victor Wagner
On 2009.11.11 at 13:00:05 +0100, David Sommerseth wrote: > Good point! I was not aware of the Apache/mod_ssl way of doing it. My > only concern about that is if it would be possible to exhaust the memory > pool for environment variables? Imagine a buffer overflow bug if an > attacker sends

Re: [Openvpn-devel] Script interface to trigger events depending on the validity of a certificate

2009-11-11 Thread David Sommerseth
On 11/11/09 12:06, Mathieu GIANNECCHINI wrote: > Victor Wagner wrote: >> On 2009.11.11 at 09:40:59 +0100, David Sommerseth wrote: >>> On 10/11/09 17:16, Till Maas wrote: >>> I would like to get a notification in case a client cert

Re: [Openvpn-devel] Script interface to trigger events depending on the validity of a certificate

2009-11-11 Thread David Sommerseth
On 11/11/09 11:25, Victor Wagner wrote: > On 2009.11.11 at 09:40:59 +0100, David Sommerseth wrote: >> On 10/11/09 17:16, Till Maas wrote: >>> I would like to get a notification in case a client certificate is used >>> for a connection to an OpenVPN

Re: [Openvpn-devel] Script interface to trigger events depending on the validity of a certificate

2009-11-11 Thread Jonathan Petersson
This may not be a preferable approach but it should do the trick for you. Upon connection the OpenVPN client reports its common_name through environmental variables: "The X509 common name of an authenticated client. Set prior to execution of --client-connect, --client-disconnect, and --auth-user-

Re: [Openvpn-devel] Script interface to trigger events depending on the validity of a certificate

2009-11-11 Thread Mathieu GIANNECCHINI
Victor Wagner wrote: On 2009.11.11 at 09:40:59 +0100, David Sommerseth wrote: On 10/11/09 17:16, Till Maas wrote: I would like to get a notification in case a client certificate is used for a connection to an OpenVPN server, that is about to expire soon. Is there currently a way to

Re: [Openvpn-devel] Script interface to trigger events depending on the validity of a certificate

2009-11-11 Thread Victor Wagner
On 2009.11.11 at 09:40:59 +0100, David Sommerseth wrote: > On 10/11/09 17:16, Till Maas wrote: > > I would like to get a notification in case a client certificate is used > > for a connection to an OpenVPN server, that is about to expire soon. Is > > there currently a way to do this? I looked into

Re: [Openvpn-devel] Script interface to trigger events depending on the validity of a certificate

2009-11-11 Thread David Sommerseth
On 10/11/09 17:16, Till Maas wrote: > I would like to get a notification in case a client certificate is used > for a connection to an OpenVPN server, that is about to expire soon. Is > there currently a way to do this? I looked into the tls-verify hoo