[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] Re: IP Allocation


  • Subject: Re: [Openvpn-users] Re: IP Allocation
  • From: Helder Miguel Gaspar Rodrigues <crash@xxxxxxxx>
  • Date: Thu, 13 Jan 2005 06:05:43 +0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -tls-remote name
~    Accept connections only from a host with X509 name or common name
equal to name. The remote host must also pass all other tests of
verification.

cant the attacker create a cert with the same common name and make the
attack?

Thanks
Charles Duffy wrote:
| On Thu, 13 Jan 2005 05:38:06 +0000, Helder Miguel Gaspar Rodrigues wrote:
|
|
|>Ok now I have certs for all users, but i build the certs without
|>ns-cert-type in mind. And now? Any alternative conserning that my
|>clients are running windows xp.
|
|
| You don't need to build _all_ the certs with ns-cert-type in mind, just
| the server cert. If you built the server cert w/o ns-cert-type, you
| can just revoke it and build a new one that *does* have the appropriate
| extension field in place. Being only one certificate to replace, it's not
| much work.
|
| If you're still disinclined to use ns-cert-type, you can still use
| tls-remote.
|
|
|
| -------------------------------------------------------
| The SF.Net email is sponsored by: Beat the post-holiday blues
| Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
| It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt
| _______________________________________________
| Openvpn-users mailing list
| Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
| https://lists.sourceforge.net/lists/listinfo/openvpn-users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3-nr1 (Windows XP)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFB5g+2XuDuuXe+pHkRAkVxAJ4vI/LGxBgCdf4mQKilaE4JOBLCNwCeM2+x
mPXhUDT6IzOrhdxtrisZsdY=
=tk+4
-----END PGP SIGNATURE-----



-------------------------------------------------------
The SF.Net email is sponsored by: Beat the post-holiday blues
Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt
_______________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users