> One of the nice features of Jason's patch was that also for big(ger)
> deployments you could get rid of the CA if you have another channel to
> establish trust between client and server.

I really wonder which large deployment wants to do that instead of a CA. I really understand the need for small and simple deployments. But for larger deployments a CA + CRL seems more useful for everything that I can come up with.

> I guess it won't be possible to use --tls-verify (on the server) with your
> patch and verify the fingerprint(s) there?

No. Currently not.

Arne
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel