Re: openvpn and network manager

From: Casey Harkins <caseyharkins gmail com>
To: Dimitris Zilaskos <dzila tassadar physics auth gr>
Cc: networkmanager-list gnome org
Subject: Re: openvpn and network manager
Date: Fri, 23 May 2008 14:00:03 -0500

On Fri, 2008-05-23 at 07:57 +0300, Dimitris Zilaskos wrote:
> On Thu, 22 May 2008, Dan Williams wrote:
> > I didn't originally write that bit, but what's the impact of getting rid
> > of the check, if any?  That openvpn will just accept any old certificate
> > that it gets sent from the server?
> >
> > Dan
> 
> 
> No, this check examines if the certificate has the nsCertType field set to 
> "client", it has nothing to do with certificate age. As I mentioned in my 
> previous mail, it is an old depracated field. It has been replaced by 
> extendedkeyusage (http://www.ietf.org/rfc/rfc3280.txt?number=3280).
> 

Also worth noting that it has nothing to do with validating the
certificate.

The question is should it be removed entirely or made a preference in
nm-openvpn-properties? Removing is as simple as removing the relevant
lines (as indicated in the thread referenced earlier). Making it a
preference should be relatively straight forward as well. I'd imagine a
patch would be the best way to make this happen. If there aren't any
takers, I'll whip one up next week to make the ns-cert-type openvpn
option configurable (none, client, server).

-casey

Follow-Ups:
- Re: openvpn and network manager
  - From: Dimitris Zilaskos
- Re: openvpn and network manager
  - From: Dan Williams

References:
- openvpn and network manager
  - From: Dimitris Zilaskos
- Re: openvpn and network manager
  - From: Dimitris Zilaskos
- Re: openvpn and network manager
  - From: Vasiliy G Tolstov
- Re: openvpn and network manager
  - From: Dan Williams
- Re: openvpn and network manager
  - From: Dimitris Zilaskos

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]