Hi,
On Sun, Feb 28, 2010 at 02:59:42PM +0100, David Sommerseth wrote:
> It would be nice to enhance tls-verify check possibilities against peer
> cert during a pending TLS connection like:
> - OCSP verification
> - check any X509 extensions of the peer certificate
> - delta CRL verification
> -
On 03/01/2010 04:22:04 AM, David Sommerseth wrote:
> On 01/03/10 06:32, Karl O. Pinc wrote:
> > On 02/28/2010 10:24:36 PM, Peter Stuge wrote:
> >> David Sommerseth wrote:
> >>> +++ b/options.c
> >>> @@ -529,6 +529,9 @@ static const char usage_message[] =
> >>>" tests of certifi
On 02/28/2010 11:52:56 PM, Karl O. Pinc wrote:
> On 02/28/2010 11:39:11 PM, Peter Stuge wrote:
> > Karl O. Pinc wrote:
> > > > > + "--tls-export-cert [directory] : Get peer cert in PEM
> format
> > and
> > >
> > > There is no man page. It's in sample-scripts/.
> >
> > It's a new option, right?
On 01/03/10 06:32, Karl O. Pinc wrote:
> On 02/28/2010 10:24:36 PM, Peter Stuge wrote:
>> David Sommerseth wrote:
>>> +++ b/options.c
>>> @@ -529,6 +529,9 @@ static const char usage_message[] =
>>>" tests of certification. cmd sho
On 02/28/2010 11:39:11 PM, Peter Stuge wrote:
> Karl O. Pinc wrote:
> > > > + "--tls-export-cert [directory] : Get peer cert in PEM format
> and
> >
> > There is no man page. It's in sample-scripts/.
>
> It's a new option, right?
The sample script has a new option, yes. But the
--tls-verify o
On 02/28/2010 11:32:46 PM, Karl O. Pinc wrote:
> However, the openvpn(8) --tls-verify section of the man page
> is poor. I just sent another patch that clarifies it.
> Perhaps this is what you're looking for? If not then
> just ignore my man page patch.
I just sent another man page patch to be
Karl O. Pinc wrote:
> > > + "--tls-export-cert [directory] : Get peer cert in PEM format and
>
> There is no man page. It's in sample-scripts/.
It's a new option, right?
//Peter
On 02/28/2010 10:24:36 PM, Peter Stuge wrote:
> David Sommerseth wrote:
> > +++ b/options.c
> > @@ -529,6 +529,9 @@ static const char usage_message[] =
> >" tests of certification. cmd should return 0
> to allow\n"
> >" TLS handshake to proceed, or 1 to fa
David Sommerseth wrote:
> +++ b/options.c
> @@ -529,6 +529,9 @@ static const char usage_message[] =
>" tests of certification. cmd should return 0 to allow\n"
>" TLS handshake to proceed, or 1 to fail. (cmd is\n"
>" executed as 'cmd c
From: Mathieu GIANNECCHINI
It would be nice to enhance tls-verify check possibilities against peer
cert during a pending TLS connection like:
- OCSP verification
- check any X509 extensions of the peer certificate
- delta CRL verification
- ...
This patch adds a new "tls-export-cert" option whi
Alon Bar-Lev wrote:
I think all the above can be implemented as logic into OCSP responder...
OpenVPN needs a standard way to forward the certificate.
Standard == OCSP
It's not easy to configure an OCSP responder with a specific logic...
If a simple script based OCSP is out there, then all
On 1/12/09, Thomas NOEL wrote:
> Hello,
>
> Alon Bar-Lev wrote:
>
> > Thank you for the patch.
> > I am more in favor of adding OCSP support into OpenVPN.
> > It should be very easy using OpenSSL trunk.
> > Also available at [1].
> > So if you can help perfecting this patch it would be a s
Hello,
Alon Bar-Lev wrote:
Thank you for the patch.
I am more in favor of adding OCSP support into OpenVPN.
It should be very easy using OpenSSL trunk.
Also available at [1].
So if you can help perfecting this patch it would be a step in the
right direction.
[1] http://www.block64.net/
I th
Hello,
Thank you for the patch.
I am more in favor of adding OCSP support into OpenVPN.
It should be very easy using OpenSSL trunk.
Also available at [1].
So if you can help perfecting this patch it would be a step in the
right direction.
[1] http://www.block64.net/
On 1/12/09, Mathieu GIANNEC
Hello,
It would be nice to enhance tls-verify check possibilities against peer
cert during a pending TLS connection like:
- OCSP verification
- check any X509 extensions of the peer certificate
- delta CRL verification
- ...
This patch adds a new "tls-export-cert" option which allows to get peer
15 matches