aboutsummaryrefslogtreecommitdiff
path: root/easy-rsa/2.0/build-key-pkcs12
diff options
context:
space:
mode:
authorKarl O. Pinc <kop@meme.com>2010-02-18 21:30:48 +0100
committerDavid Sommerseth <dazo@users.sourceforge.net>2010-10-21 11:33:41 +0200
commit058f3d0b3eade5480b34eaacda673182925bea60 (patch)
tree1a31aeea72af45cd7b8f654da59efb829f4e46d3 /easy-rsa/2.0/build-key-pkcs12
parentAdded mapping files from SVN commit ID to more descriptive commit IDs. (diff)
downloadopenvpn-058f3d0b3eade5480b34eaacda673182925bea60.tar.xz
[PATCH] Change verify-cn so cn is no longer hardcoded in openvpn's config file
This patch should be easy to process. A resubmission of the patch sent to this list on 04/23/2009. The patch changes the verify-cn script sample to be used with --tls-verify so that instead of having to hardcode a cn to verify in the OpenVPN configuration file the allowed cns may be written into a separate file. This makes the process of verifying cns a whole lot more dynamic, to the point where it is useful in the real world. One problem with this patch is that it is backwards incompatible. I did not bother keeping the original calling interface as A) it's a sample script, and B) the original's functionality seems useless and equalivant functionality is easily available with the new script. The problem with the original is that there seems little point in verifying a client's cn when all the clients share one cn, as would have to be the case when the cn is hardcoded into the openvpn config file. This patch applies against the testing allmiscs branch, and should apply against any of the other testing branches as well. It works for me. I've tested it throughly but not used it extensively in production. Regards, Karl <kop@meme.com> Signed-off-by: David Sommerseth <dazo@users.sourceforge.net> Acked-by: Gert Doering <gert@greenie.muc.de> Acked-by: Eric F Crist <ecrist@secure-computing.net>
Diffstat (limited to 'easy-rsa/2.0/build-key-pkcs12')
0 files changed, 0 insertions, 0 deletions