Ohh sure.. my bad! Sorry.
So I think I will use tls-remote in my clients' configuration.

Thanks

Charles Duffy wrote:
| On Thu, 2005-01-13 at 06:05 +0000, Helder Miguel Gaspar Rodrigues wrote:
|
|> --tls-remote name
|>   Accept connections only from a host with X509 name or common name
|>   equal to name. The remote host must also pass all other tests of
|>   verification.
|>
|> Can't the attacker create a cert with the same common name and make the
|> attack?
|
| A cert with the same common name, sure.
|
| A cert with the same common name, signed by your CA -- not if you keep
| your CA's private key hidden away securely.

_______________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
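
The point made in the quoted reply, as an added shell example that is not part of the original thread: a certificate carrying the expected common name is accepted only if it also chains to the CA the client trusts. All names (real-ca, attacker-ca, vpn-server, some-client) are constructed, and check_peer is a hypothetical helper that models "chain must verify, then the name must match" with the openssl CLI; it is not OpenVPN's own code.

```shell
#!/bin/sh
# Constructed demo; every name here (real-ca, attacker-ca, vpn-server) is made up.

# make_ca DIR NAME: self-signed CA, written to DIR/NAME.key and DIR/NAME.crt
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# issue DIR CA OUT CN: certificate DIR/OUT.crt for common name CN, signed by CA
issue() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$4" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.crt" -CAkey "$1/$2.key" \
        -CAcreateserial -days 1 -out "$1/$3.crt" 2>/dev/null
}

# build_demo DIR: the trusted CA, an attacker's own CA, and three peer certs
build_demo() {
    make_ca "$1" real-ca && make_ca "$1" attacker-ca &&
    issue "$1" real-ca genuine vpn-server &&    # right CA, right name
    issue "$1" attacker-ca forged vpn-server && # right name, wrong CA
    issue "$1" real-ca other some-client        # right CA, wrong name
}

# check_peer CA_CERT PEER_CERT EXPECTED_CN (hypothetical helper, not OpenVPN code)
# Succeeds only if the chain verifies against CA_CERT and the CN equals EXPECTED_CN.
check_peer() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 || return 1
    cn=$(openssl x509 -in "$2" -noout -subject -nameopt multiline |
         sed -n 's/^ *commonName *= *//p')
    [ "$cn" = "$3" ]
}

d=$(mktemp -d) && build_demo "$d" &&
for c in genuine forged other; do
    if check_peer "$d/real-ca.crt" "$d/$c.crt" vpn-server
    then echo "$c: accepted"
    else echo "$c: rejected"
    fi
done
```

Later OpenVPN releases replaced --tls-remote with --verify-x509-name; the dependence on keeping the CA private key secret is the same.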