-rw-r--r-- | crypto.c | 3 | ||||
-rw-r--r-- | easy-rsa/2.0/README | 14 | ||||
-rw-r--r-- | makefile.w32-vc | 2 | ||||
-rw-r--r-- | sample-config-files/server.conf | 4 |
4 files changed, 20 insertions, 3 deletions
@@ -1012,6 +1012,7 @@ read_key_file (struct key2 *key2, const char *file, const unsigned int flags) const char *error_filename = file; /* parse info */ + const char *cp; int hb_index = 0; int line_num = 1; int line_index = 0; @@ -1062,7 +1063,7 @@ read_key_file (struct key2 *key2, const char *file, const unsigned int flags) close (fd); } - const char *cp = (char *)in.data; + cp = (char *)in.data; while (size) { const char c = *cp; diff --git a/easy-rsa/2.0/README b/easy-rsa/2.0/README index 02800c2..92c550c 100644 --- a/easy-rsa/2.0/README +++ b/easy-rsa/2.0/README @@ -47,6 +47,20 @@ Release Notes for easy-rsa-2.0 * This release only affects the Linux/Unix version of easy-rsa. The Windows version (written to use the Windows shell) is unchanged. +* Use the revoke-full script to revoke a certificate, and generate + (or update) the crl.pem file in the keys directory (as set by the + vars script). Then use "crl-verify crl.pem" in your OpenVPN server + config file, so that OpenVPN can reject any connections coming from + clients which present a revoked certificate. Usage for the script is: + + revoke-full <common-name> + + Note this this procedure is primarily designed to revoke client + certificates. You could theoretically use this method to revoke + server certificates as well, but then you would need to propagate + the crl.pem file to all clients as well, and have them include + "crl-verify crl.pem" in their configuration files. + INSTALL easy-rsa 1. Edit vars. diff --git a/makefile.w32-vc b/makefile.w32-vc index 49c1031..f92dbb3 100644 --- a/makefile.w32-vc +++ b/makefile.w32-vc @@ -24,7 +24,7 @@ LZO = \src\lzo-1.08.vc INCLUDE_DIRS = -I$(OPENSSL)/include -I$(LZO)/include -LIBS = lzo.lib ws2_32.lib crypt32.lib iphlpapi.lib winmm.lib gdi32.lib advapi32.lib +LIBS = lzo.lib ws2_32.lib crypt32.lib iphlpapi.lib winmm.lib gdi32.lib advapi32.lib wininet.lib LIB_DIRS = -LIBPATH:$(OPENSSL)\out -LIBPATH:$(LZO) 
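Review bot: `const char *cp;` in the first crypto.c hunk is declared without an initializer, about fifty lines above its first assignment in the second hunk, and the code between the two is outside the visible hunks. Initializing it at the declaration, `const char *cp = NULL;`, would make any accidental earlier use fail deterministically instead of reading an indeterminate pointer in a function that parses key files. A short comment such as `/* declared at block start; assigned below from in.data */` would also record why the declaration and the assignment are split. read_key_file begins and ends outside both hunks.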
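Review bot: The cast in `cp = (char *)in.data;` (second crypto.c hunk) names a non-const type even though `cp` is a `const char *`. Writing `cp = (const char *) in.data;` states the read-only intent and cannot silently drop a qualifier if `in.data` is ever const-qualified. The type of `in.data` is not visible here, so this is a style point rather than a confirmed defect. The `while (size)` loop that consumes `cp` continues outside the hunk.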
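Review bot: `wininet.lib` is added to `LIBS` with no indication of which code needs it, and none of the four files in this diff references WinINet. A comment above the line, for example `# wininet.lib: required by <feature> (placeholder, name the consumer)`, would let a later maintainer tell whether the extra system library is still needed or can be dropped to keep the link surface small.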
diff --git a/sample-config-files/server.conf b/sample-config-files/server.conf index 929e546..f80ce8b 100644 --- a/sample-config-files/server.conf +++ b/sample-config-files/server.conf @@ -37,7 +37,9 @@ proto udp # "dev tun" will create a routed IP tunnel, # "dev tap" will create an ethernet tunnel. -# Use "dev tap" if you are ethernet bridging. +# Use "dev tap0" if you are ethernet bridging +# and have precreated a tap0 virtual interface +# and bridged it with your ethernet interface. # If you want to control access policies # over the VPN, you must create firewall # rules for the the TUN/TAP interface. |