search

Michsh / ics-openvpn

Automatically exported from code.google.com/p/ics-openvpn
0 stars 0 forks source link

Feature request: add support for CRL files (crl-verify) #264

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
Certificate revocation files are sometimes needed on the client running OpenVPN 
to check that the certificate the server presents has not been revocated by the 
CA.

At the moment, the option crl-verify is not recognized by the app and is copied 
verbatim in the configuration. This wouldn't be a bad thing necessarily, but as 
far as I can tell the only way to make it work is to use an absolute path to 
denote the file name. Paths relative to were the configuration is do not work.

Maybe this option is not so common to be included in the UI, but nonetheless 
the configuration importer might do something smarter about it (probably the 
same thing that it does with other files, like CA and certificates).

Original issue reported on code.google.com by fangospe...@gmail.com on 7 Jul 2014 at 2:58

GoogleCodeExporter commented 9 years ago 
Hm. Embedding the crl comes to mind. But that has two disadvantages:
 - OpenVPN does not support embedding CRL files into the configuration
 - Is embedding really always the right thing to do? Perhaps the user refereshes the CRL on the SD Card.

The only that is left is to try to find the absolute path of the crl-verify 
file and put that into the configuration.

Original comment by arne@rfc2549.org on 18 Jul 2014 at 1:08

GoogleCodeExporter commented 9 years ago 
I think that would be a good solution.

Regarding the embedding of CRL files into the config, I had opened a ticket 
also on the OpenVPN bug reporting
https://community.openvpn.net/openvpn/ticket/421
but seems to have been unnoticed until now.

Original comment by fangospe...@gmail.com on 19 Aug 2014 at 9:50

GoogleCodeExporter commented 9 years ago 
closed by ce93a2c337a9

Original comment by arne@rfc2549.org on 19 Mar 2015 at 10:33

GoogleCodeExporter commented 9 years ago

Original comment by arne@rfc2549.org on 19 Mar 2015 at 11:35