[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] Re: Temporarily disabling client certificates

  • Subject: Re: [Openvpn-users] Re: Temporarily disabling client certificates
  • From: Charles Duffy <cduffy@xxxxxxxxxxx>
  • Date: Fri, 14 Jan 2005 22:35:47 -0600

On Fri, 2005-01-14 at 23:04 -0500, Ed Ravin wrote:
> > I'd use a tls-verify script to blacklist clients which have valid
> > certificates but which aren't presently supposed to be able to connect.
> How about adding the vendor's cert to the revocation list, then removing
> it when they call in to request access?

In theory, if not practice, certificate revocation lists are
append-only. "Removing it" is not a supported operation.

The SF.Net email is sponsored by: Beat the post-holiday blues
Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt
Openvpn-users mailing list