Re: openvpn and network manager



On Thu, 2008-05-22 at 16:13 +0400, Vasiliy G Tolstov wrote:
> On Thu, 2008-05-22 at 14:52 +0300, Dimitris Zilaskos wrote: 
> > I did some research on that and also contacted the local CA operators. 
> > They told me that ns-cert-type is old,propriety and depracated and does 
> > not significantly add to security. Here are some references:
> > 
> > http://osdir.com/ml/java.ejbca.devel/2005-11/msg00003.html
> > http://openvpn.net/archive/openvpn-users/2007-03/msg00062.html
> > http://readlist.com/lists/postfix.org/postfix-users/12/64401.html
> > http://emperor.canarie.ca/pipermail/tagpma-general/2007-January/001326.html
> > 
> > In any case, this certificate extension is never gonna be 
> > supported in several educational large PKI infrastructures that I (and 
> > serveral other academic users as well) employ. So lack of this feature 
> > will mean loss of a large audience for the networkmanager tool.
> > 
> > Can we have a fix please ?:)
> 
> yes, can we have a fix ? or option to disable this... ?

I didn't originally write that bit, but what's the impact of getting rid
of the check, if any?  That openvpn will just accept any old certificate
that it gets sent from the server?

Dan



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]