Hello,
I'm writing again on the topic of my post sent several hours ago to the
openvpn-users list. The post proposed the --ccd-exclusive option.
Since then I tried to set up a chrooted openvpn server with the ccd
directory in the jail as well as the tls-verify script which was
checking the content o
Vlada,
I think the idea for the patch is good, i.e. using the client-config-dir
as a kind of authenticator of common names.
I do have a concern though on your implementation. You are conducting the
allow/deny test in multi_connection_established(). The problem is that
this function runs too late