|
|
Erich Titl schrieb: here is more info I came across this as well. Something (openvpn, openssl, etc) changes spaces in the X509 name into underscores for the purposes of this comparison. If you look at the error message, you will see that openvpn is trying to compare "...Ruf_telematik..." to "...Ruf Telematik..." (and failing). So the value you enter for the tls-remote parameter must have all spaces changed to underscores. James said he had added some notes on this to the documentation. I didn't actually check what was added, because I had already fixed my config files. Using
C=xyz/L=abc/O=123/Cn=456/... The documentation of the tls-remote options says: "Accept connections only from a host with X509 name or common name equal to name." If I understand it correctly, the X509 name is the entire string, and the common name is the value of the CN= part of the X509 name. The man entry goes on to say: "Name can also be a common name prefix [...]". So, in your example above, "openvpn@xxxxxxxxxxxxxxx" is being successfully matched as a common name prefix. Ie, the string matches the beginning of the CN= part of the X509 name of the certificate. Hope this helps Cheers! Nik. ____________________________________________ Openvpn-users mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/openvpn-users Warning: require_once(../../../archive_common.php) [function.require-once]: failed to open stream: No such file or directory in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2005-04/msg00063.html on line 222 Fatal error: require_once() [function.require]: Failed opening required '../../../archive_common.php' (include_path='/usr/local/lib/php') in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2005-04/msg00063.html on line 222 |