Re: [Openvpn-devel] [PATCH] Add auto value to pkcs11-id parameter

Chris J Arges wrote: This patch allows one to specify --pkcs11-id auto to automatically select the first certificate on a pkcs11 device. This simplifies scripts and usage in environments where clients may only use a single certificate for connecting to a VPN. Based on a patch by Oliver Dumschat-H

[Openvpn-devel] [PATCH] revamp X.509 name verification option

This patch set tries to do X.509 name verification right. As discussed during FOSDEM 2013, changing --tls-remote to support RFC 2253 style subject DNs only was too radical as it broke more configurations than expected. This makes --tls-remote work with old configurations again, but deprecates its

[Openvpn-devel] [PATCH 1/3] reintroduce --no-name-remapping option

The option is just an alias for --compat-names no-remapping and is introduced so pre-2.3 server configurations don't break. Signed-off-by: Heiko Hund --- doc/openvpn.8 | 32 +++- src/openvpn/options.c | 21 ++--- 2 files changed, 37 inserti

[Openvpn-devel] [PATCH 2/3] make --tls-remote compatible with pre 2.3 configs

In openvpn 2.3.0 the semantics of the --tls-remote option changed. That broke more configurations than anticipated. To not break configurations that use --tls-remote with a legacy OpenSSL style DN anymore, it is now detected when such a DN is configured. When necessary the --compat-names option is

[Openvpn-devel] [PATCH 3/3] add new option for X.509 name verification

Add the option --verify-x509-name to provide the functionality of the now deprecated --tls-remote. The new option accepts RFC 2253 subject DNs only and compares RDN or RDN prefix only if configured explicitly. Signed-off-by: Heiko Hund --- doc/openvpn.8| 78 +++