What does this accomplish you can’t just basically do with
—client-cert-not-required?
Eric Crist
> On May 25, 2018, at 3:56 PM, Simon Rozman wrote:
>
> Hi,
>
>>> JJK, I think you are misreading this proposal. No hash is being sent
>>> as a part of the handshake -- its still client and server
Hi,
> What does this accomplish you can’t just basically do with —client-cert-not-
> required?
I am using --client-cert-not-required already. :)
But that simplifies only the client half of the equation.
TLS server will always need a certificate. And client will always need to
verify it to prev
Hi,
> > JJK, I think you are misreading this proposal. No hash is being sent
> > as a part of the handshake -- its still client and server
> > certificates that are exchanged and checked during handshake. The hash
> > is exchanged by a separate channel (say snail mail:) in advance, and
> > serves
Hi Selva,
On 25/05/18 16:07, Selva Nair wrote:
On Fri, May 25, 2018 at 9:51 AM, Jan Just Keijser wrote:
On 25/05/18 03:41, Simon Rozman wrote:
Private and public key are still used. The patch stil uses
certificates and TLS, it only replaces the check certificate of the
peer's certificate agai
Hi,
On Fri, May 25, 2018 at 9:51 AM, Jan Just Keijser wrote:
> Hi,
>
> On 25/05/18 03:41, Simon Rozman wrote:
Private and public key are still used. The patch stil uses
certificates and TLS, it only replaces the check certificate of the
peer's certificate against the CA with a
Hi,
On Fri, Apr 27, 2018 at 08:26:40PM +, Jon Kunkee via Openvpn-devel wrote:
> While working on ARM64 tap-windows6, I came up with this quick fix for a
> minor issue recently reported via IRC.
>
> This is also a Github PR:
> https://github.com/OpenVPN/tap-windows6/pull/51
>
> (The ARM64 wo
Hi,
On 25/05/18 03:41, Simon Rozman wrote:
Private and public key are still used. The patch stil uses
certificates and TLS, it only replaces the check certificate of the
peer's certificate against the CA with a hash check (certificate
pinning if you want).
So basically instead of saying that yo
Hi David,
Oops .. yes I meant --ecdh-curve
and yes, i searched the manual for --ec-curve
so no surprise I did not find it ..
Anyway, there is a complete paste including cofigs here:
https://paste.fedoraproject.org/paste/tIyiqTzjcPqZWWLjqEZtVw
If you prefer I can record this on trac.
Thanks
O
On 25/05/18 09:41, Simon Rozman wrote:
> Hi,
>
>>> Private and public key are still used. The patch stil uses
>>> certificates and TLS, it only replaces the check certificate of the
>>> peer's certificate against the CA with a hash check (certificate
>>> pinning if you want).
>>>
>>> So basicall
