-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/11/09 17:16, Till Maas wrote: > I would like to get a notification in case a client certificate is used > for a connection to an OpenVPN server, that is about to expire soon. Is > there currently a way to do this? I looked into the tls-verify hook, but > according to the documentation, only the Subject line of a certificate > is available and not the validity. Is there maybe a way to log the > expiration dates?
I don't think this is possible without patching openvpn to put these values into some environment variables for the --tls-verify hook. I've done something similar in regards to the SHA1 fingerprint for my own project (I have had an OpenVPN patch pending since RC7). But I'd be willing to carry such a feature in my eurephia patch for OpenVPN, as that sounds very useful. kind regards, David Sommerseth -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEUEARECAAYFAkr6eJgACgkQDC186MBRfrq6NACVESQtnCHS/SljNEAMXdR4xNmY 5gCfbRyDvGgJDguKhCIm3kiLaID6V1g= =wjKX -----END PGP SIGNATURE-----
