Re: [Openvpn-devel] [PATCH 1/3] reintroduce --no-name-remapping option

Am 22.02.13 10:44, schrieb Heiko Hund: > The option is just an alias for --compat-names no-remapping and is > introduced so pre-2.3 server configurations don't break. > ACK. Arne

Re: [Openvpn-devel] [PATCH 2/3] make --tls-remote compatible with pre 2.3 configs

Am 22.02.13 10:44, schrieb Heiko Hund: > In openvpn 2.3.0 the semantics of the --tls-remote option changed. > That broke more configurations than anticipated. To not break > configurations that use --tls-remote with a legacy OpenSSL style DN > anymore, it is now detected when such a DN is configure

[Openvpn-devel] [PATCH 3/3 v2] add new option for X.509 name verification

Add the option --verify-x509-name to provide the functionality of the now deprecated --tls-remote. The new option accepts RFC 2253 subject DNs only and compares RDN or RDN prefix only if configured explicitly. Signed-off-by: Heiko Hund --- doc/openvpn.8| 82 +++

Re: [Openvpn-devel] [PATCH 3/3] add new option for X.509 name verification

Hi Arne, On Wednesday 06 March 2013 22:38:56 Arne Schwabe wrote: > I looked through these and I think they are okay. Since most users don't > know what RDN, RDN prefix and DN are an example like I just sent a second version of 3/3 including examples in the man page, as you suggested. > Most use

Re: [Openvpn-devel] [PATCH 3/3 v2] add new option for X.509 name verification

Am 07.03.13 16:36, schrieb Heiko Hund: > Add the option --verify-x509-name to provide the functionality > of the now deprecated --tls-remote. > > The new option accepts RFC 2253 subject DNs only and compares > RDN or RDN prefix only if configured explicitly. ACK to man page changes. ACK to the rest

Re: [Openvpn-devel] #172: NTLM auth does not work with SQUID proxy server

Hi, On Tue, Jan 29, 2013 at 11:55:25AM +0100, Joerg Willmann wrote: > The patch attached to #172 solved my problem and seems to be reasonable. > > I'm just wondering what it takes to make this issue being accepted. (Sorry > I didn't find a description of this process in > wiki/DeveloperDocument

[Openvpn-devel] [PATCH applied] Re: reintroduce --no-name-remapping option

Your patch has been applied to the master and release/2.3 branch. commit 26b0433c4a642f8d2197f3fd371759f0047bd0bd (master) commit c86d09c7c115eeda96ea0b2a400c3ce57bd90292 (release/2.3) Author: Heiko Hund List-Post: openvpn-devel@lists.sourceforge.net Date: Fri Feb 22 10:44:20 2013 +0100 r

[Openvpn-devel] [PATCH applied] Re: make --tls-remote compatible with pre 2.3 configs

Your patch has been applied to the master and release/2.3 branch. commit ad532bba896875e56488e69ec16212a77787c57b (master) commit 0f92b3b4170dab29aaf5cb4e6a0d00d37bf418b4 (release/2.3) Author: Heiko Hund List-Post: openvpn-devel@lists.sourceforge.net Date: Fri Feb 22 10:44:21 2013 +0100 m

[Openvpn-devel] [PATCH applied] Re: add new option for X.509 name verification

Your patch has been applied to the master and release/2.3 branch. commit 9f0fc745664fd0fc6a1c6785e101bf912088db16 (master) commit f6e12862cefd054eb1a44c18ea1dfb4cba7d007a (release/2.3) Author: Heiko Hund List-Post: openvpn-devel@lists.sourceforge.net Date: Thu Mar 7 16:36:41 2013 +0100 ad

Re: [Openvpn-devel] [PATCH] revamp X.509 name verification option

Hi, On Fri, Feb 22, 2013 at 10:44:19AM +0100, Heiko Hund wrote: > This patch set tries to do X.509 name verification right. As discussed > during FOSDEM 2013, changing --tls-remote to support RFC 2253 style > subject DNs only was too radical as it broke more configurations than > expected. Acked