Re: [Openvpn-devel] [PATCH] Add new openssl.cnf to easy-rsa/Windows

Mon, 20 Jun 2011 09:34:41 +0000

NACK on this patch - the openssl.cnf file should be (almost) the same as the one used in easy-rsa/2.0 that way the certificates are generated in the same manner (*with* EKU=ServerAuth) 

JJK

David Sommerseth wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 20/06/11 09:49, sam...@openvpn.net wrote:

From: Samuli Seppänen <sam...@openvpn.net>

This is required for patch "Fix a build-ca issue on Windows" to work
---
 easy-rsa/Windows/openssl.cnf |  350 ++++++++++++++++++++++++++++++++++++++++++
 1 files changed, 350 insertions(+), 0 deletions(-)
 create mode 100644 easy-rsa/Windows/openssl.cnf


ACK.  Applied to master and release/2.2

I see that 'extendedKeyUsage=serverAuth' is not set. I am not 100% sure if
that is needed or not, or just "nice to have".  This was mentioned in Trac
ticket #125 [1]. So I'm accepting the openssl.cnf patch as it is now, and
we can rather fix this attribute later on if it is not enough.

commit 663860ad04dd4190fddbee63e724d3fdceafd937 (master)
commit 6989cbde616a00380acf3a390959987765a5325b (release/2.2)
Author: Samuli Seppänen <sam...@openvpn.net>
Date:   Mon Jun 20 10:49:41 2011 +0300

    Add new openssl.cnf to easy-rsa/Windows

    This is required for patch "Fix a build-ca issue on Windows" to work

    Signed-off-by: Samuli Seppänen <sam...@openvpn.net>
    Acked-by: David Sommerseth <dav...@redhat.com>


Kind regards,

David Sommerseth


[1] <https://community.openvpn.net/openvpn/ticket/125>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk3/EnsACgkQDC186MBRfroPsQCfT6am6MJsmzhaNtWEOWfs0PFp
KyMAn1M3ljU1cf6BWgL/8rraB0IBrh4O
=VmQ8
-----END PGP SIGNATURE-----

------------------------------------------------------------------------------
EditLive Enterprise is the world's most technically advanced content
authoring tool. Experience the power of Track Changes, Inline Image
Editing and ensure content is compliant with Accessibility Checking.
http://p.sf.net/sfu/ephox-dev2dev
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Reply via email to