Victor Wagner wrote:
On 2009.11.11 at 09:40:59 +0100, David Sommerseth wrote:
On 10/11/09 17:16, Till Maas wrote:
I would like to get a notification in case a client certificate is used
for a connection to an OpenVPN server, that is about to expire soon. Is
there currently a way to
Hello,
It would be nice to enhance tls-verify check possibilities against peer
cert during a pending TLS connection like:
- OCSP verification
- check any X509 extensions of the peer certificate
- delta CRL verification
- ...
This patch adds a new "tls-export-cert" option which allows to get peer
Hello Davy,
I've a question about your patch for OCSP support:
OCSP URL is specified with "ocsp-url" option in configuration. It's OK
if you have only one CA in your PKI (and so only one OCSP responder) but
what happens if you have a real PKI with multiple CAs (so potentially
more than one O
Hello,
Here is a tiny patch which adds to OpenVPN a new option "tls-export-cert":
--tls-export-cert [directory] : Get peer cert in PEM format and store it
in an openvpn temporary file in [directory]. Peer cert is stored
*before* tls-verify script execution and deleted *after*.
The peer cert te
endpoints, and that Dakar or
Hanoi had an openvpn process that can be client (for Paris) _and_ server
for the other endpoint.
Is it possible to imagine that in the next release?
Or is it already possible? ;-)
Thanks.
--
Mathieu GIANNECCHINI http://www.auf.org