Re: [Openvpn-devel] better handling of revoked certs

2017-10-06 Thread Илья Шипицин
2017-10-06 16:23 GMT+05:00 David Sommerseth < open...@sf.lists.topphemmelig.net>: > On 06/10/17 11:52, Илья Шипицин wrote: > [...snip...] > > > > > > In addition, what happens when you try to use a revoked > *client* > > > certificate when connecting to an HTTPS server

Re: [Openvpn-devel] better handling of revoked certs

2017-10-06 Thread David Sommerseth
On 06/10/17 11:52, Илья Шипицин wrote: [...snip...] > > > >     In addition, what happens when you try to use a revoked *client* > >     certificate when connecting to an HTTPS server demanding client > >     certificates to be present? > > > > > > 403 > > > >

Re: [Openvpn-devel] better handling of revoked certs

2017-10-06 Thread Илья Шипицин
2017-10-06 14:42 GMT+05:00 David Sommerseth < open...@sf.lists.topphemmelig.net>: > On 06/10/17 11:37, Илья Шипицин wrote: > > > > > > 2017-10-06 14:11 GMT+05:00 David Sommerseth > > > >: > > > > On 06/10/17 11:02,

Re: [Openvpn-devel] better handling of revoked certs

2017-10-06 Thread David Sommerseth
On 06/10/17 11:37, Илья Шипицин wrote: > > > 2017-10-06 14:11 GMT+05:00 David Sommerseth > >: > > On 06/10/17 11:02, Илья Шипицин wrote: > > > > > > 2017-10-06 13:43 GMT+05:00 David Sommerseth > >

Re: [Openvpn-devel] better handling of revoked certs

2017-10-06 Thread Илья Шипицин
2017-10-06 14:11 GMT+05:00 David Sommerseth < open...@sf.lists.topphemmelig.net>: > On 06/10/17 11:02, Илья Шипицин wrote: > > > > > > 2017-10-06 13:43 GMT+05:00 David Sommerseth > > > >: > > > > On 06/10/17 08:58,

Re: [Openvpn-devel] better handling of revoked certs

2017-10-06 Thread David Sommerseth
On 06/10/17 11:02, Илья Шипицин wrote: > > > 2017-10-06 13:43 GMT+05:00 David Sommerseth > >: > > On 06/10/17 08:58, Илья Шипицин wrote: > > Hello, > > > > I used to run openvpn in login/password mode

Re: [Openvpn-devel] better handling of revoked certs

2017-10-06 Thread Илья Шипицин
2017-10-06 13:43 GMT+05:00 David Sommerseth < open...@sf.lists.topphemmelig.net>: > On 06/10/17 08:58, Илья Шипицин wrote: > > Hello, > > > > I used to run openvpn in login/password mode for years. > > now, I'm getting working certificate setup. > > > > > > what I found strange about revoked

Re: [Openvpn-devel] better handling of revoked certs

2017-10-06 Thread David Sommerseth
On 06/10/17 08:58, Илья Шипицин wrote: > Hello, > > I used to run openvpn in login/password mode for years. > now, I'm getting working certificate setup. > > > what I found strange about revoked certificates ... from client point of > view it looks like any other "tls key negotiation timeout" >

[Openvpn-devel] better handling of revoked certs

2017-10-06 Thread Илья Шипицин
Hello, I used to run openvpn in login/password mode for years. now, I'm getting working certificate setup. what I found strange about revoked certificates ... from client point of view it looks like any other "tls key negotiation timeout" is there a way to signal user "hey, you key is revoked"