Re: openvpn and network manager

From: Dan Williams <dcbw redhat com>
To: v tolstov selfip ru
Cc: networkmanager-list gnome org
Subject: Re: openvpn and network manager
Date: Thu, 22 May 2008 18:12:09 -0400

On Thu, 2008-05-22 at 16:13 +0400, Vasiliy G Tolstov wrote:
> On Thu, 2008-05-22 at 14:52 +0300, Dimitris Zilaskos wrote: 
> > I did some research on that and also contacted the local CA operators. 
> > They told me that ns-cert-type is old,propriety and depracated and does 
> > not significantly add to security. Here are some references:
> > 
> > http://osdir.com/ml/java.ejbca.devel/2005-11/msg00003.html
> > http://openvpn.net/archive/openvpn-users/2007-03/msg00062.html
> > http://readlist.com/lists/postfix.org/postfix-users/12/64401.html
> > http://emperor.canarie.ca/pipermail/tagpma-general/2007-January/001326.html
> > 
> > In any case, this certificate extension is never gonna be 
> > supported in several educational large PKI infrastructures that I (and 
> > serveral other academic users as well) employ. So lack of this feature 
> > will mean loss of a large audience for the networkmanager tool.
> > 
> > Can we have a fix please ?:)
> 
> yes, can we have a fix ? or option to disable this... ?

I didn't originally write that bit, but what's the impact of getting rid
of the check, if any?  That openvpn will just accept any old certificate
that it gets sent from the server?

Dan

Follow-Ups:
- Re: openvpn and network manager
  - From: Dimitris Zilaskos

References:
- openvpn and network manager
  - From: Dimitris Zilaskos
- Re: openvpn and network manager
  - From: Dimitris Zilaskos
- Re: openvpn and network manager
  - From: Vasiliy G Tolstov

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]