[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] Re: IP Allocation

  • Subject: Re: [Openvpn-users] Re: IP Allocation
  • From: Charles Duffy <cduffy@xxxxxxxxxxx>
  • Date: Thu, 13 Jan 2005 00:10:42 -0600

On Thu, 2005-01-13 at 06:05 +0000, Helder Miguel Gaspar Rodrigues wrote:
> - -tls-remote name
> ~    Accept connections only from a host with X509 name or common name
> equal to name. The remote host must also pass all other tests of
> verification.
> cant the attacker create a cert with the same common name and make the
> attack?

A cert with the same common name, sure.

A cert with the same common name, signed by your CA -- not if you keep
your CA's private key hidden away securely.

The SF.Net email is sponsored by: Beat the post-holiday blues
Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt
Openvpn-users mailing list