NACK on this patch - the openssl.cnf file should be (almost) the same as
the one used in easy-rsa/2.0
that way the certificates are generated in the same manner (*with*
EKU=ServerAuth)
JJK
David Sommerseth wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 20/06/11 09:49, sam...@openvpn.net wrote:
From: Samuli Seppänen <sam...@openvpn.net>
This is required for patch "Fix a build-ca issue on Windows" to work
---
easy-rsa/Windows/openssl.cnf | 350 ++++++++++++++++++++++++++++++++++++++++++
1 files changed, 350 insertions(+), 0 deletions(-)
create mode 100644 easy-rsa/Windows/openssl.cnf
ACK. Applied to master and release/2.2
I see that 'extendedKeyUsage=serverAuth' is not set. I am not 100% sure if
that is needed or not, or just "nice to have". This was mentioned in Trac
ticket #125 [1]. So I'm accepting the openssl.cnf patch as it is now, and
we can rather fix this attribute later on if it is not enough.
commit 663860ad04dd4190fddbee63e724d3fdceafd937 (master)
commit 6989cbde616a00380acf3a390959987765a5325b (release/2.2)
Author: Samuli Seppänen <sam...@openvpn.net>
Date: Mon Jun 20 10:49:41 2011 +0300
Add new openssl.cnf to easy-rsa/Windows
This is required for patch "Fix a build-ca issue on Windows" to work
Signed-off-by: Samuli Seppänen <sam...@openvpn.net>
Acked-by: David Sommerseth <dav...@redhat.com>
Kind regards,
David Sommerseth
[1] <https://community.openvpn.net/openvpn/ticket/125>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAk3/EnsACgkQDC186MBRfroPsQCfT6am6MJsmzhaNtWEOWfs0PFp
KyMAn1M3ljU1cf6BWgL/8rraB0IBrh4O
=VmQ8
-----END PGP SIGNATURE-----
------------------------------------------------------------------------------
EditLive Enterprise is the world's most technically advanced content
authoring tool. Experience the power of Track Changes, Inline Image
Editing and ensure content is compliant with Accessibility Checking.
http://p.sf.net/sfu/ephox-dev2dev
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel