cron2 has submitted this change. ( http://gerrit.openvpn.net/c/openvpn/+/1380?usp=email )

Change subject: doc: Document potential filesystem pitfalls of client-config-dir
......................................................................

doc: Document potential filesystem pitfalls of client-config-dir

Reported-By: [email protected]
Change-Id: I23ea00dbd62271838aa72e913b743cc679ff2386
Signed-off-by: Frank Lichtenheld <[email protected]>
Acked-by: Gert Doering <[email protected]>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1380
Message-Id: <[email protected]>
URL: https://www.mail-archive.com/[email protected]/msg34541.html
Signed-off-by: Gert Doering <[email protected]>
---
M doc/man-sections/server-options.rst
1 file changed, 10 insertions(+), 0 deletions(-)




diff --git a/doc/man-sections/server-options.rst 
b/doc/man-sections/server-options.rst
index 5243a06..739be22 100644
--- a/doc/man-sections/server-options.rst
+++ b/doc/man-sections/server-options.rst
@@ -144,6 +144,16 @@
   ``--push-reset``, ``--push-remove``, ``--iroute``, ``--ifconfig-push``,
   ``--vlan-pvid`` and ``--config``.

+  **Note:** OpenVPN uses the CN exactly as written in the certificate.
+  But since this is a file access the filesystem might interfere.
+  Importantly OpenVPN will consider two CNs that only differ in case as
+  different names but a case-insensitive filesystem (like you might
+  encounter on Windows or macOS) will treat them as the same. When you
+  generate your certificates make sure that the CNs are sufficiently
+  different to not cause issues. When trusting an external CA note that
+  this is a potential attack vector via maliciously generated
+  certificates that exploit this issue.
+
 --client-to-client
   Because the OpenVPN server mode handles multiple clients through a
   single tun or tap interface, it is effectively a router. The
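
Review bot: "sufficiently different" in the added note (the sentence beginning "When you generate your certificates") is too vague to act on. The sentence before it already names the concrete condition, so the advice could say that CNs must stay unique when compared case-insensitively. The note would also be stronger if it stated the consequence: on a case-insensitive filesystem, a client whose CN differs only in case from another client's CN is matched to that other client's file, and so receives whatever options it contains, including the ``--iroute`` and ``--ifconfig-push`` settings listed just above. Style: "But since this is a file access the filesystem might interfere" needs a comma after "access" and would read better if it said what the interference is, namely that the lookup follows the filesystem's name-matching rules rather than OpenVPN's exact comparison.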

--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/1380?usp=email
To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings?usp=email

Gerrit-MessageType: merged
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I23ea00dbd62271838aa72e913b743cc679ff2386
Gerrit-Change-Number: 1380
Gerrit-PatchSet: 3
Gerrit-Owner: flichtenheld <[email protected]>
Gerrit-Reviewer: cron2 <[email protected]>
Gerrit-Reviewer: plaisthos <[email protected]>
Gerrit-CC: openvpn-devel <[email protected]>
_______________________________________________
Openvpn-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
