OpenVPN / openvpn

OpenVPN is an open source VPN daemon
http://openvpn.net

tls-export-cert does not export the correct client cert #430

Open thanos-k opened 10 months ago

thanos-k commented 10 months ago

In case the peer uses a certificate bundle that includes the root certificate and/or intermediary certificates, the certificate that is exported when tls-export-cert is defined is the root certificate of the bundle and not the actual client certificate.

Version information (please complete the following information):

schwabe commented 10 months ago

This feature is probably going to be reimplemented from scratch due to license issues in the near future anyway. So please wait until that happens. Also, you should check with a more recent version of OpenVPN if the bug still exists. 2.4.12 is really old by now.

thanos-k commented 10 months ago

I will set up a different OS since RHEL 8 derivatives all use that version as well.

One more bit of info: The behaviour is actually really inconsistent. On occasion I get the correct cert exported, and on those occasions the correct env variables are exposed as well, i.e. all of the following:

X509_0_CN= X509_0_C= X509_0_L= X509_0_O=

X509_1_O= X509_1_C=

X509_2_C= X509_2_O= X509_2_L=

In the cases where I only get the root certificate, only the following

X509_2_C= X509_2_O= X509_2_L=

are exposed as environment variables in the tls_verify script.
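
An added diagnostic (not part of the comment above and not OpenVPN's own code): a tls-verify hook that groups the `X509_<depth>_<field>` variables by depth and rejects the depth-0 call when the leaf's fields are missing. The function names and sample values are constructed for illustration; it assumes OpenVPN passes the certificate depth as the script's first argument.

```python
import os
import re
import sys

# Variable naming as seen in the thread: X509_<depth>_<field>, e.g. X509_0_CN.
_X509_VAR = re.compile(r"^X509_(\d+)_(\w+)$")

def fields_by_depth(env):
    """Group X509_<depth>_<field> variables into {depth: {field: value}}."""
    chain = {}
    for name, value in env.items():
        m = _X509_VAR.match(name)
        if m:
            chain.setdefault(int(m.group(1)), {})[m.group(2)] = value
    return chain

def leaf_status(env):
    """Return (ok, reason); ok is False when depth 0 is not exposed."""
    chain = fields_by_depth(env)
    if 0 not in chain:
        seen = ", ".join(map(str, sorted(chain))) or "none"
        return False, f"leaf (depth 0) missing; depths exposed: {seen}"
    if not chain[0].get("CN"):
        return False, "depth 0 exposed but X509_0_CN is empty"
    return True, f"leaf CN={chain[0]['CN']}"

def hook_exit_code(depth, env):
    """Exit code for a tls-verify hook: enforce only on the depth-0 call."""
    if depth != 0:
        return 0  # let the calls for the other chain depths pass
    ok, reason = leaf_status(env)
    print(f"tls-verify depth 0: {reason}", file=sys.stderr)
    return 0 if ok else 1

# Constructed sample environments for the two cases described in the comment.
FULL_CHAIN_ENV = {
    "X509_0_CN": "client1.example", "X509_0_O": "Example Org",
    "X509_1_O": "Example Org", "X509_1_C": "GR",
    "X509_2_C": "GR", "X509_2_O": "Example Root", "X509_2_L": "Athens",
}
ROOT_ONLY_ENV = {"X509_2_C": "GR", "X509_2_O": "Example Root", "X509_2_L": "Athens"}

if __name__ == "__main__":
    # Assumption: the certificate depth arrives as the first script argument.
    sys.exit(hook_exit_code(int(sys.argv[1]), dict(os.environ)))
```
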

flichtenheld commented 6 months ago

Would be nice if you could test that issue with 2.6.9 which contains the reimplementation of the tls-export-cert feature @schwabe was talking about.

ordex commented 4 months ago

@thanos-k any news about testing on a recent release?