Re: [Openvpn-devel] [PATCH v3] Mac OS X Keychain management client

2015-02-23 Thread Gert Doering
Hi, On Mon, Feb 23, 2015 at 05:40:11PM +0300, Vasily Kulikov wrote: > > I agree -- the argument to --needs-external-cert should be optional. > > Note: Arne said about 'macos-keychain' prefix in the argument being > optional, not the argument itself being optional. Actually, I don't > think making

Re: [Openvpn-devel] [PATCH v3] Mac OS X Keychain management client

2015-02-23 Thread Vasily Kulikov
On Mon, Feb 23, 2015 at 12:55 +, David Woodhouse wrote: > On Mon, 2015-02-23 at 09:28 +0100, Arne Schwabe wrote: > > > > On 23.02.15 at 09:04, Vasily Kulikov wrote: > > > management-external-cert 'macosx-keychain:SUBJECT:c=US' > > > > > > With the approach in patch v3 a user has to start

Re: [Openvpn-devel] [PATCH v3] Mac OS X Keychain management client

2015-02-23 Thread Vasily Kulikov
On Mon, Feb 23, 2015 at 08:04 -0500, Jonathan K. Bullard wrote: > On Mon, Feb 23, 2015 at 4:00 AM, Gert Doering wrote: > > > > On Mon, Feb 23, 2015 at 09:28:31AM +0100, Arne Schwabe wrote: > > > > What do you think of the change? > > > I like the idea. You could make the macos-keychain in the str

Re: [Openvpn-devel] [PATCH v3] Mac OS X Keychain management client

2015-02-23 Thread Jonathan K. Bullard
On Mon, Feb 23, 2015 at 8:10 AM, David Woodhouse wrote: > On Mon, 2015-02-23 at 13:59 +0100, Arne Schwabe wrote: >> >> All fine. My rationale was like, if I want a certificate with a certain >> SUBJECT (e.g. CN=schw...@mycoolca.com) etc. it should not matter for me >> whether I get it from OS X, W

Re: [Openvpn-devel] [PATCH v3] Mac OS X Keychain management client

2015-02-23 Thread Steffan Karger
On 02/23/2015 02:10 PM, David Woodhouse wrote: > On Mon, 2015-02-23 at 13:59 +0100, Arne Schwabe wrote: >> >> All fine. My rationale was like, if I want a certificate with a certain >> SUBJECT (e.g. CN=schw...@mycoolca.com) etc. it should not matter for me >> whether I get it from OS X, Windows or

Re: [Openvpn-devel] [PATCH v3] Mac OS X Keychain management client

2015-02-23 Thread David Woodhouse
On Mon, 2015-02-23 at 13:59 +0100, Arne Schwabe wrote: > > All fine. My rationale was like, if I want a certificate with a certain > SUBJECT (e.g. CN=schw...@mycoolca.com) etc. it should not matter for me > whether I get it from OS X, Windows or Android Certificate store. The canonical way of rep

Re: [Openvpn-devel] [PATCH v3] Mac OS X Keychain management client

2015-02-23 Thread Jonathan K. Bullard
On Mon, Feb 23, 2015 at 4:00 AM, Gert Doering wrote: > > On Mon, Feb 23, 2015 at 09:28:31AM +0100, Arne Schwabe wrote: > > > What do you think of the change? > > I like the idea. You could make the macos-keychain in the string optional. > > What Arne said (both parts of it) :-) I agree -- the ar

Re: [Openvpn-devel] [PATCH v3] Mac OS X Keychain management client

2015-02-23 Thread Arne Schwabe
On 23.02.15 at 13:55, David Woodhouse wrote: > On Mon, 2015-02-23 at 09:28 +0100, Arne Schwabe wrote: >> On 23.02.15 at 09:04, Vasily Kulikov wrote: >>> management-external-cert 'macosx-keychain:SUBJECT:c=US' >>> >>> With the approach in patch v3 a user has to start openvpn with the >>> conf

Re: [Openvpn-devel] [PATCH v3] Mac OS X Keychain management client

2015-02-23 Thread David Woodhouse
On Mon, 2015-02-23 at 09:28 +0100, Arne Schwabe wrote: > > On 23.02.15 at 09:04, Vasily Kulikov wrote: > > management-external-cert 'macosx-keychain:SUBJECT:c=US' > > > > With the approach in patch v3 a user has to start openvpn with the > > config file, start keychain-mcd, and pass identity

Re: [Openvpn-devel] [PATCH v3] Mac OS X Keychain management client

2015-02-23 Thread Vasily Kulikov
On Mon, Feb 23, 2015 at 10:00 +0100, Gert Doering wrote: > Hi, > > On Mon, Feb 23, 2015 at 09:28:31AM +0100, Arne Schwabe wrote: > > > What do you think of the change? > > I like the idea. You could make the macos-keychain in the string optional. > > What Arne said (both parts of it) :-) Excell

Re: [Openvpn-devel] [PATCH v3] Mac OS X Keychain management client

2015-02-23 Thread Gert Doering
Hi, On Mon, Feb 23, 2015 at 09:28:31AM +0100, Arne Schwabe wrote: > > What do you think of the change? > I like the idea. You could make the macos-keychain in the string optional. What Arne said (both parts of it) :-) gert -- USENET is *not* the non-clickable part of WWW!

Re: [Openvpn-devel] [PATCH v3] Mac OS X Keychain management client

2015-02-23 Thread Arne Schwabe
On 23.02.15 at 09:04, Vasily Kulikov wrote: > management-external-cert 'macosx-keychain:SUBJECT:c=US' > > With the approach in patch v3 a user has to start openvpn with the > config file, start keychain-mcd, and pass identity template as an > argument to keychain-mcd. > > What do you think of

Re: [Openvpn-devel] [PATCH v3] Mac OS X Keychain management client

2015-02-23 Thread Vasily Kulikov
Hi, On Sun, Feb 15, 2015 at 23:01 +0100, Gert Doering wrote: > Hi, > > On Sun, Feb 15, 2015 at 10:05:07PM +0100, Arne Schwabe wrote: > > On 24.01.15 at 18:04, Vasily Kulikov wrote: > [..] > > > OpenVPN itself gets new 'NEED-CERTIFICATE" command which is called when > > > --management-external-ce

Re: [Openvpn-devel] [PATCH v3] Mac OS X Keychain management client

2015-02-20 Thread Vasily Kulikov
Hi Gert, On Sun, Feb 15, 2015 at 23:01 +0100, Gert Doering wrote: > I hear Arne, and James also ACKed this ("based on testing", which Arne > did). > > I'm not merging it yet, though - Vasily, please provide a v4 of the patch > that adds: ... > With that, I'll merge right away :-) Thank you for t

Re: [Openvpn-devel] [PATCH v3] Mac OS X Keychain management client

2015-02-15 Thread Gert Doering
Hi, On Sun, Feb 15, 2015 at 10:05:07PM +0100, Arne Schwabe wrote: > On 24.01.15 at 18:04, Vasily Kulikov wrote: [..] > > OpenVPN itself gets new 'NEED-CERTIFICATE" command which is called when > > --management-external-cert is used. It is implemented as a multiline > > command very similar to an

Re: [Openvpn-devel] [PATCH v3] Mac OS X Keychain management client

2015-02-15 Thread Arne Schwabe
On 24.01.15 at 18:04, Vasily Kulikov wrote: > This patch adds support for using certificates stored in the Mac OSX > Keychain to authenticate with the OpenVPN server. This works with > certificates stored on the computer as well as certificates on hardware > tokens that support Apple's tokend int

[Openvpn-devel] [PATCH v3] Mac OS X Keychain management client

2015-01-24 Thread Vasily Kulikov
This patch adds support for using certificates stored in the Mac OSX Keychain to authenticate with the OpenVPN server. This works with certificates stored on the computer as well as certificates on hardware tokens that support Apple's tokend interface. This patch version implements management cli