[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

[Openvpn-users] Disable time-checking of certificates


  • Subject: [Openvpn-users] Disable time-checking of certificates
  • From: Mathias Sundman <mathias@xxxxxxxxxx>
  • Date: Sat, 15 Jan 2005 00:17:37 +0100 (CET)

I setup a net-to-net VPN today between two linux machines with OpenVPN. I could have used static keys, but I wanted to make benefit of the slightly increased security of using TLS mode instead.

However, I ran inte problems because the hardware clock in one of the machines was malfunctional, so the time was reset each time the machine was rebooted.

This caused the openvpn connection to fail because the issued certificates were not yet valid.

In this case, I simply solved it by switching to a working machine, but in this scenario I don't really see how the time-checking of the certificates give me any increased level of security, so I wonder if there is any way to disable this time-check?

Would it be possible to patch OpenVPN to do this, or would it require patching OpenSSL?

Is it possible to issue a certificate without start and stop dates?

/Mathias


------------------------------------------------------- The SF.Net email is sponsored by: Beat the post-holiday blues Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek. It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt _______________________________________________ Openvpn-users mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/openvpn-users