James Yonan wrote:
> Having said that, there are currently three separate directives for
> verifying the peer certificate: tls-remote, tls-verify, and the new
> ns-cert-type directive, and any one of these can be used by clients
> to make sure they are connecting to a bona-fide server.
Just to further point out OpenVPN's configuration flexibility: I use
tls-remote on the client side and ccd-exclusive on the server side for
the peer CN verification. The advantage of this is that I do not need
to run any script inside the server chroot jail, therefore no binaries
are inside, just small text files -- crl.pem and ccd/*.
I welcome the upcoming stable release. This project is indeed becoming
widely popular and I'm sure 2.0 will bring additional masses. :-) My
compliments to James Yonan, Mathias Sundman and others for their work
and immense support.
(Sometimes credited as 1494 F8DD 6379 4CD7 E7E3 1FC9 D750 4243 1F05 9424.)