Re: [Openvpn-devel] Add support for Keying Material Exporter [RFC 5705]

2015-02-23 Thread David Sommerseth
On 23/02/15 17:18, Gert Doering wrote: > Hi, > > On Mon, Feb 23, 2015 at 04:51:34PM +0100, Daniel Kubec wrote: >> Keying Material Exporter [RFC 5705] Patch rebased to actual master >> branch. > > There definitely needs to be much(!) more

Re: [Openvpn-devel] Add support for Keying Material Exporter [RFC 5705]

2015-02-23 Thread Gert Doering
Hi, On Mon, Feb 23, 2015 at 04:51:34PM +0100, Daniel Kubec wrote: > Keying Material Exporter [RFC 5705] Patch rebased to actual master > branch. There definitely needs to be much(!) more documentation about this, maybe an extra .txt file under doc/ - I still(!) have *no* idea what this is

Re: [Openvpn-devel] [PATCH v3] Mac OS X Keychain management client

2015-02-23 Thread Gert Doering
Hi, On Mon, Feb 23, 2015 at 05:40:11PM +0300, Vasily Kulikov wrote: > > I agree -- the argument to --needs-external-cert should be optional. > > Note: Arne said about 'macos-keychain' prefix in the argument being > optional, not the argument itself being optional. Actually, I don't > think

Re: [Openvpn-devel] [PATCH v3] Mac OS X Keychain management client

2015-02-23 Thread Vasily Kulikov
On Mon, Feb 23, 2015 at 12:55 +, David Woodhouse wrote: > On Mon, 2015-02-23 at 09:28 +0100, Arne Schwabe wrote: > > > > Am 23.02.15 um 09:04 schrieb Vasily Kulikov: > > > management-external-cert 'macosx-keychain:SUBJECT:c=US' > > > > > > With the approach in patch v3 a user has to start

Re: [Openvpn-devel] [PATCH v3] Mac OS X Keychain management client

2015-02-23 Thread Vasily Kulikov
On Mon, Feb 23, 2015 at 08:04 -0500, Jonathan K. Bullard wrote: > On Mon, Feb 23, 2015 at 4:00 AM, Gert Doering wrote: > > > > On Mon, Feb 23, 2015 at 09:28:31AM +0100, Arne Schwabe wrote: > > > > What do you think of the change? > > > I like the idea. You could make the

Re: [Openvpn-devel] [PATCH v3] Mac OS X Keychain management client

2015-02-23 Thread Jonathan K. Bullard
On Mon, Feb 23, 2015 at 8:10 AM, David Woodhouse wrote: > On Mon, 2015-02-23 at 13:59 +0100, Arne Schwabe wrote: >> >> All fine. My rationale was like, if I want a certificate with a certain >> SUBJECT (e.g. CN=schw...@mycoolca.com) etc. it should not matter for men >> whether

Re: [Openvpn-devel] [PATCH v3] Mac OS X Keychain management client

2015-02-23 Thread Steffan Karger
On 02/23/2015 02:10 PM, David Woodhouse wrote: > On Mon, 2015-02-23 at 13:59 +0100, Arne Schwabe wrote: >> >> All fine. My rationale was like, if I want a certificate with a certain >> SUBJECT (e.g. CN=schw...@mycoolca.com) etc. it should not matter for men >> whether I get it from OS X, Windows or

Re: [Openvpn-devel] [PATCH v3] Mac OS X Keychain management client

2015-02-23 Thread David Woodhouse
On Mon, 2015-02-23 at 13:59 +0100, Arne Schwabe wrote: > > All fine. My rationale was like, if I want a certificate with a certain > SUBJECT (e.g. CN=schw...@mycoolca.com) etc. it should not matter for men > whether I get it from OS X, Windows or Android Certificate store. The canonical way of

Re: [Openvpn-devel] [PATCH v3] Mac OS X Keychain management client

2015-02-23 Thread Jonathan K. Bullard
On Mon, Feb 23, 2015 at 4:00 AM, Gert Doering wrote: > > On Mon, Feb 23, 2015 at 09:28:31AM +0100, Arne Schwabe wrote: > > > What do you think of the change? > > I like the idea. You could make the macos-keychain in the string optional. > > What Arne said (both parts of it)

Re: [Openvpn-devel] [PATCH v3] Mac OS X Keychain management client

2015-02-23 Thread Gert Doering
Hi, On Mon, Feb 23, 2015 at 09:28:31AM +0100, Arne Schwabe wrote: > > What do you think of the change? > I like the idea. You could make the macos-keychain in the string optional. What Arne said (both parts of it) :-) gert -- USENET is *not* the non-clickable part of WWW!

Re: [Openvpn-devel] [PATCH v3] Mac OS X Keychain management client

2015-02-23 Thread Vasily Kulikov
Hi, On Sun, Feb 15, 2015 at 23:01 +0100, Gert Doering wrote: > Hi, > > On Sun, Feb 15, 2015 at 10:05:07PM +0100, Arne Schwabe wrote: > > Am 24.01.15 um 18:04 schrieb Vasily Kulikov: > [..] > > > OpenVPN itself gets new 'NEED-CERTIFICATE" command which is called when > > >