[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] First OpenVPN 2.0 Release Candidate is available


  • Subject: Re: [Openvpn-users] First OpenVPN 2.0 Release Candidate is available
  • From: Vlada Macek <tuttle@xxxxxxxxxxxxxxxx>
  • Date: Wed, 08 Dec 2004 14:18:53 +0100

James Yonan wrote:

> Having said that, there are currently three separate directives for
> verifying the peer certificate: tls-remote, tls-verify, and the new
> ns-cert-type directive, and any one of these can be used by clients
> to make sure they are connecting to a bona-fide server.

Just to point out more the OpenVPN's configuration flexibility: I use
tls-remote on the client side and ccd-exclusive on the server side for
the peer CN verification. The advantage of this is, that I do not need
to run any script inside the server chroot jail, therefore no binaries
are inside, just small text files -- crl.pem and ccd/*.

***

I welcome the upcoming stable release. This project is indeed becoming
widely popular and I'm sure 2.0 will bring additional masses. :-) My
compliments to James Yonan, Mathias Sundman and others for their work
and immense support.

-- 

\//\/\
(Sometimes credited as 1494 F8DD 6379 4CD7 E7E3 1FC9 D750 4243 1F05 9424.)

Attachment: signature.asc
Description: OpenPGP digital signature