On 09.02.23 21:38, Gert Doering wrote:
CNs with commas in them are a long-standing issue, because OpenVPN
doesn't know how to deal with them. So, don't do that.
Ugh... Sometimes it is just not realistic to reissue certificates. :(
It would be great to at least have it mentioned in BUGS section of the
man page.
On 09.02.23 21:38, Gert Doering wrote:
(There is an old Trac ticket about it, but nobody went out and fixed
the code yet - which is tricky, as you can't just change the format
of ifconfig-pool-persist without breaking existing setups)
I would escape the comma with backslash, for example. It would only
break those setups, which are already broken because they have a comma
in a CN of a client certificate. But maybe there are reasons why this is
also problematic, and I just don't know about them.
Mykhailo
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
