Hi, On Thu, Jan 25, 2018 at 1:36 PM, Jonathan K. Bullard <jkbull...@gmail.com> wrote: > Hi. > > On Mon, Jan 22, 2018 at 12:31 PM, Selva Nair <selva.n...@gmail.com> wrote: >> What about extending the current "version" command with an argument >> where the client states the version of "management-speak" that it >> supports. Current management version is 1, we increase it to 1.1 and >> unless the client says "version 1.1" or more we do not send PK_SIGN. >> The client could do that when it gets the version message or any time >> later. The response to version command (current management version and >> openvpn daemon's version stays the same). No full-fledged cap >> negotiation, but good enough. > > That sounds reasonable; easy to implement in Tunnelblick > > >> The UX would be much better that way. > > Absolutely. >
Encouraged by Jonathan's reply I have made a patch to rename RSA_SIGN to PK_SIGN if client announces a version > 1. Will send it and a modified EC key patch soon. Selva ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
