Re: openvpn and network manager
- From: Dan Williams <dcbw redhat com>
- To: Casey Harkins <caseyharkins gmail com>
- Cc: networkmanager-list gnome org
- Subject: Re: openvpn and network manager
- Date: Fri, 23 May 2008 17:18:16 -0400
On Fri, 2008-05-23 at 14:00 -0500, Casey Harkins wrote:
> On Fri, 2008-05-23 at 07:57 +0300, Dimitris Zilaskos wrote:
> > On Thu, 22 May 2008, Dan Williams wrote:
> > > I didn't originally write that bit, but what's the impact of getting rid
> > > of the check, if any? That openvpn will just accept any old certificate
> > > that it gets sent from the server?
> > >
> > > Dan
> >
> >
> > No, this check examines if the certificate has the nsCertType field set to
> > "client", it has nothing to do with certificate age. As I mentioned in my
> > previous mail, it is an old deprecated field. It has been replaced by
> > extendedkeyusage (http://www.ietf.org/rfc/rfc3280.txt?number=3280).
> >
>
> Also worth noting that it has nothing to do with validating the
> certificate.
>
> The question is should it be removed entirely or made a preference in
> nm-openvpn-properties? Removing is as simple as removing the relevant
> lines (as indicated in the thread referenced earlier). Making it a
> preference should be relatively straightforward as well. I'd imagine a
> patch would be the best way to make this happen. If there aren't any
> takers, I'll whip one up next week to make the ns-cert-type openvpn
> option configurable (none, client, server).

A patch to just remove the check entirely would be fine with me. It
doesn't sound like we need it at all.

Dan