Hi,
Yes, killing a client with cn ending in * will also lead to killing all the
clients whose cn starts with that prefix.
Using another char would be non-intuitive (ex. +).
What about an optional "prefix" mode word for explicit mode (it can also be
enhanced one day with suffix/regexp/etc.)?
kill cn [mode]: Kill the client instance(s) having common name cn.
--
Best Regards, Vladislav Grishenko
-----Original Message-----
From: Selva Nair <[email protected]>
Sent: Friday, August 14, 2020 11:22 PM
To: openvpn-devel <[email protected]>
Subject: Re: [Openvpn-devel] [PATCH v2] Allow management to kill client
instances by CN wildcard
Hi
On Fri, Aug 14, 2020 at 1:36 PM Arne Schwabe <[email protected]> wrote:
>
> On 14.08.20 at 19:12, Vladislav Grishenko wrote:
> > In case of some permanent part of common name (ex. domain) and/or
> > long complex common name consisting of multiple x509 fields, it's
> > handy to kill client instances via management interface with just
> > prefix of common name, not by exact match only.
> >
> > Patch allows to use asterisk as wildcard placeholder in the last
> > trailing symbol of kill command parameter.
> > Single asterisk - empty prefix would be too greedy and can be too
> > harmful, therefore not allowed. Wildcards in the middle of parameter
> > string are not supported to keep things simple at the moment.
> >
> > v2: fine tune comments
> >
>
> Thanks for v2,
>
> Acked-By: Arne Schwabe <[email protected]>
'*' is an allowed character in x509 common name unless we explicitly forbid
it. So killing a client with name ending in * would get tricky if not
impossible without side effects.
Selva
_______________________________________________
Openvpn-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
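
Added example, not part of the thread and not OpenVPN's code: a C sketch that compares the trailing-asterisk rule from the patch description with the explicit "prefix" mode word proposed in the reply, for a client whose CN really ends in '*'. The names cn_matches, count_killed, the kill_mode values and the sample CNs are all hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names; not OpenVPN's code. */
enum kill_mode { KILL_IMPLICIT, KILL_EXACT, KILL_PREFIX };

/* KILL_IMPLICIT: rule from the patch description, a trailing '*' in arg
 * turns the request into a prefix match and a bare "*" is refused.
 * KILL_EXACT / KILL_PREFIX: the explicit mode word proposed in the reply,
 * where '*' in arg is always a literal character. */
static bool cn_matches(const char *arg, enum kill_mode mode, const char *cn)
{
    size_t n = strlen(arg);

    if (mode == KILL_IMPLICIT && n > 0 && arg[n - 1] == '*')
    {
        if (n == 1)
            return false;                  /* empty prefix: too greedy */
        return strncmp(cn, arg, n - 1) == 0;
    }
    if (mode == KILL_PREFIX)
        return n > 0 && strncmp(cn, arg, n) == 0;
    return strcmp(cn, arg) == 0;
}

/* Constructed sample CNs; the first legitimately ends in '*'. */
static const char *const sample_cns[] = {
    "lab*", "lab*-backup", "lab-01", "office-01"
};

/* Number of connected clients a kill request would disconnect. */
static int count_killed(const char *arg, enum kill_mode mode)
{
    int hits = 0;
    for (size_t i = 0; i < sizeof(sample_cns) / sizeof(sample_cns[0]); i++)
        hits += cn_matches(arg, mode, sample_cns[i]) ? 1 : 0;
    return hits;
}

int main(void)
{
    printf("implicit 'lab*': %d\n", count_killed("lab*", KILL_IMPLICIT));
    printf("exact    'lab*': %d\n", count_killed("lab*", KILL_EXACT));
    printf("prefix   'lab*': %d\n", count_killed("lab*", KILL_PREFIX));
    return 0;
}
```

With the implicit rule there is no way to disconnect only the client named "lab*"; with an explicit mode word the same argument can be sent as an exact or a prefix request.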