Hi,
On 11/09/17 13:22, Илья Шипицин wrote:
> Hello,
> is someone actually using "tls-verify" in production?
> we tried to implement additional certificate check using tls-verify
> while it works in general, in case when it hits "exit 1", it looks like a
> timeout from client point of view. it is not any good

Do you mean that when a client is denied access (i.e. the tls-verify script exits 1 on the server), the client sees this as
a timeout? That is "normal" behaviour, as the server does not tell the client *WHY* access is refused - it simply stops
responding to a client that does not pass authentication/authorization. The client will not hear from the server, and will time
out after a specified interval. This is actually the most secure way to do things, as a rogue client cannot DoS a server this way.
HTH,
JJK
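
One way to keep a refusal diagnosable on the server while the client still sees only a timeout, as an added example that is not from this thread or from the OpenVPN project: a `tls-verify` hook that logs why it is about to exit 1. The allow-list and log paths and the function names are assumptions; the two positional arguments (depth, subject) and the `untrusted_ip` environment variable are what OpenVPN hands to the hook, and the subject is assumed to be in the comma-separated form of OpenVPN 2.3 and later.

```shell
#!/bin/sh
# Added example: tls-verify hook that records the reason for each rejection.
# ALLOW_FILE (one permitted CN per line) and LOG_FILE are hypothetical paths.
ALLOW_FILE="${ALLOW_FILE:-/etc/openvpn/allowed-cns.txt}"
LOG_FILE="${LOG_FILE:-/var/log/openvpn-tls-verify.log}"

# Pull the CN out of a subject such as "C=US, O=Example, CN=client1".
# Limitation: a CN that itself contains a comma is truncated at the comma.
subject_cn() {
    printf '%s\n' "$1" | tr ',' '\n' | sed -n 's/^ *CN=//p' | head -n 1
}

# Append one line per denial; CR/LF are stripped from the peer-supplied
# subject so a crafted certificate cannot forge extra log entries.
log_deny() {
    clean=$(printf '%s' "$2" | tr -d '\n\r')
    printf '%s DENY reason="%s" subject="%s" ip=%s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$1" "$clean" \
        "${untrusted_ip:-unknown}" >> "$LOG_FILE"
}

# Return 0 to accept, 1 to reject. The client is told nothing either way;
# the reason exists only in LOG_FILE on the server.
verify_peer() {
    depth=$1
    subject=$2
    # Depth > 0 is a CA certificate: leave it to OpenVPN's own chain check.
    [ "$depth" -eq 0 ] || return 0
    cn=$(subject_cn "$subject")
    if [ -z "$cn" ]; then
        log_deny "no CN in subject" "$subject"
        return 1
    fi
    # Exact, whole-line match. A missing allow-list fails closed.
    if ! grep -Fxq -- "$cn" "$ALLOW_FILE" 2>/dev/null; then
        log_deny "CN not in allow-list" "$subject"
        return 1
    fi
    return 0
}

# OpenVPN invokes the hook as: script <depth> <subject>
if [ "$#" -eq 2 ]; then
    verify_peer "$1" "$2"
    exit $?
fi
```

When a user reports a connection timeout, the matching `DENY` line in the log separates a policy rejection from a genuine network problem.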