Interactive service allows all configs and options if the user
is in "Administrators" group. This patch makes it work even if the
admin group is renamed or localized.
While at it, also remove two unused variables in validate.c.
Thanks to Leonardo Basilio for testing
the patch on a localized vers
On 03/05/2016 06:27 PM, Gert Doering wrote:
> Hi,
>
> On Sat, Mar 05, 2016 at 12:58:06AM +0300, ValdikSS wrote:
> If Connect works, and OpenVPN for Android does not, this hints at
> "PolarSSL vs. OpenSSL".
>
> Or at "we call the crypto library differently"...
Yes, PolarSSL build of OpenVPN 2.3 wor
Hi,
On Sat, Mar 05, 2016 at 12:58:06AM +0300, ValdikSS wrote:
> Bad news:
>
> * OpenVPN 2.3 and master can't connect to this server, with both OpenSSL
> and PolarSSL backends. Maybe if I supply certificates in correct order,
> client would
If Connect works, and OpenVPN for Android does not,
On 03/05/2016 12:58 AM, ValdikSS wrote:
> I have good news and bad news:
>
> Good news:
>
> * OpenVPN sends all certificates from the server supplied for --server
> directive (although with a small bug that a certificate which you have
> private key
> for must be supplied on the top)
> *
While crl files can change regulary and it is usually not a good idea to
statically include them into config files, handling multiple files and updating
files on mobile files is tiresome/problematic. Inlining a static version of the
crl file is better in these use cases than to use no crl at all
On 03/05/2016 08:24 AM, ValdikSS wrote:
>
>
> On 03/05/2016 04:36 AM, Jan Just Keijser wrote:
>
> I've signed my new CA's private key (4096 bit) with old CA (1024 bit) and it
> became intermediate to my old CA (what you call extending trust), but also
> issued
> self-signed new CA. I issue server
On 03/05/2016 04:36 AM, Jan Just Keijser wrote:
> Hi,
>
> On 04/03/16 22:58, ValdikSS wrote:
> how did you generate the cross-signed CA certs? I've looked around but all
> cross-signing either requires you to use the same private key (i.e. bit size)
> or
> that you extend the trust of one CA wi
Hi,
On 04/03/16 22:58, ValdikSS wrote:
I have good news and bad news:
Good news:
* OpenVPN sends all certificates from the server supplied for
--server directive (although with a small bug that a certificate
which you have private key for must be supplied on the top)
* OpenVPN Conn
