David Sommerseth wrote:
> From what I've heard from other sources as well, this is usually the
> normal procedure ... pop the patch to this mailing list and watch
> if something happens ... or not you might get a response, and you
> might not. Who knows ...
It is a good summary of t
stem would be a nice feature of openvpn
(I could say : another "killer-feature" ? ;) )
Cheers,
--
Thomas NOEL http://www.auf.org/
Coordinateur des infrastructures techniques
Administration des ressources informatiques
Agence universitaire de la Francophonie (AUF)
o...
We cannot integrate all these cases directly in OpenVPN. An external
system (as for all other scripts in OpenVPN) provides a very efficient
solution.
Just my 2 cents..
--
Thomas NOEL http://www.auf.org/
Coordinateur des infrastructures techniques
Administration des ressources informatiq
http://openvpn.net/archive/openvpn-devel/2005-12/msg0.html
With it, it's easy to check OCSP, SVCP, CRL... or openssl blacklists...
or whatever...
--
Thomas NOEL
ients), I cannot stop them
and break all TSE clients in case of a simple revocation... :-(
The ultimate solution will be OCSP, but... we are in 2005 ;-)
Thank you for your attention to this issue.
--
Thomas NOEL http://www.auf.org/
Coordinateur des infrastructures techniques
Agence universitai
:
- where can I add an action when a SIGUSR1 or SIGHUP is handled ?
- how can I get the (list of ?) SSL_CTX object ?
Do you think that it is a good idea, and do you think that it is feasible ?
Thanks,
--
Thomas NOEL http://www.auf.org/
Coordinateur des infrastructures techniques
Agence univers
the tools for that.
Again, thanks for OpenVPN, and do not misunderstand me: OpenVPN is a
very very nice piece of code anyway :-)
--
Thomas NOEL http://www.auf.org/
Coordinateur des infrastructures techniques
Agence universitaire de la Francophonie (AUF)
Services centraux Paris - 4 place de la Sorbo
d_lookup() and
X509_LOOKUP_add_dir() ... I'm not an openssl guru, not at all ;-)
Thanks,
--
Thomas NOEL http://www.auf.org/
Coordinateur des infrastructures techniques
Agence universitaire de la Francophonie (AUF)
Services centraux Paris - 4 place de la Sorbonne - 75005 Paris
Tél: +33 (0)1 4
he CRL stuff
for 0.9.7 and above.
I will try to produce a patch for a "--capath" option. See you in two or
three hours.
Thanks again,
--
Thomas NOEL http://www.auf.org/
Coordinateur des infrastructures techniques
Agence universitaire de la Francophonie (AUF)
Services centraux Pa
ly manage all CA
and all CRL included in a "CAPath".
Thx,
--
Thomas NOEL http://www.auf.org/
Coordinateur des infrastructures techniques
Agence universitaire de la Francophonie (AUF)
Services centraux Paris - 4 place de la Sorbonne - 75005 Paris
Tél: +33 (0)1 44 41 18 18, poste 182
Hi,
As I said on "openvpn-users", OpenVPN can't handle multiple CRLs. It's an
issue when the PKI has multiple CAs, typically an offline root CA and
intermediate CAs.
Attached is a patch for a "--crl-verify-path" option.
The idea is to follow the "openssl way of life" : each CRL is named
"0a