Hi, On Tue, Mar 28, 2017 at 02:11:26PM +0200, David Sommerseth wrote: > > That's great! This way, 2.4 does not have to change it's behaviour. > > Still, I think it makes sense to deprecate --ns-cert-type, and remove it > > in favour or --remote-cert-tls in openvpn 2.5. > > Based on the feedback and discussions in Fedora regarding to us removing > --tls-remote .... I actually think 2.5 is too early.
Nobody suggested removing --remote-cert-tls.
This is about --ns-cert-type.
> We need to have a
> patch very soon complaining loudly in the log files
Like, 57637d0f677d824dacdc83d858357ccc80723f45? :-)
> and get in touch
> with at least NetworkManager guys to ensure they have time to implement
> a solution when this goes away. So I think 2.6 is more realistic.
Shouldn't be so hard to do a string-substitution in NM... with
60b23236329e6921729f51e7689042a29c794a6b, this is really straightforward
(unless your certs are really, *really* weird, providing a proper
nsCert extention, but no proper keyUsage/extKeyUsage extentions).
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
signature.asc
Description: PGP signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
