Re: [Openvpn-devel] [PATCH] [PATCHv2] enhance tls-verify possibility

2010-03-02 Thread David Sommerseth
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 02/03/10 00:31, David Sommerseth wrote: > From: Mathieu GIANNECCHINI > > It should be nice to enhance tls-verify check possibilities against peer > cert during a pending TLS connection like : > - OCSP verification > - check any X509 extensions of

Re: [Openvpn-devel] [PATCH] [PATCHv2] enhance tls-verify possibility

2010-03-02 Thread Gert Doering
Hi, On Tue, Mar 02, 2010 at 12:31:41AM +0100, David Sommerseth wrote: > From: Mathieu GIANNECCHINI > > It should be nice to enhance tls-verify check possibilities against peer > cert during a pending TLS connection like : > - OCSP verification > - check any X509 extensions of the peer certificat

[Openvpn-devel] [PATCH] [PATCHv2] enhance tls-verify possibility

2010-03-01 Thread David Sommerseth
From: Mathieu GIANNECCHINI It should be nice to enhance tls-verify check possibilities against peer cert during a pending TLS connection like : - OCSP verification - check any X509 extensions of the peer certificate - delta CRL verification - ... This patch add a new "tls-export-cert" option whi