Hi,

On Tue, Apr 01, 2014 at 01:15:01PM +0000, Bonno Bloksma wrote:
> If so I would like to be able to disable it for just 1 client via a ccd file
> for instance. That way I do not have to restart the entire service and would
> not compromise any other connection.

You can't do this on the server, as it's the client who checks the cert validity (for the server cert - the server checks the validity of the client cert, but if the server clock is right, it will be fine).

As the client checks the server certificate before doing anything else, like "trust information handed out by the server", there is not anything the server can do here.

(What OpenWRT does to work around this issue is to periodically save a timestamp to a file, and on boot, ensure that the time is not earlier than this timestamp - if it's earlier, set the time to that, if later, leave it alone. Precisely for such cases, with embedded systems with no hardware clock, and possibly unreachable ntp servers for whatever reason...)

gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
------------------------------------------------------------------------------
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
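
The saved-timestamp workaround described in the message above, sketched as shell functions. This is an added example, not part of the original post and not OpenWRT's own script: a periodic job records the time, and at boot the clock is moved forward to that value only if it is behind it, so a client without a hardware clock does not reject the server certificate as not yet valid. The file path, the function names and the use of `date -s "@epoch"` (GNU and BusyBox `date`) are assumptions.

```shell
#!/bin/sh
# Clock floor from a saved timestamp (added example; names and paths are hypothetical).
# Assumed location; on a real device this must be on storage that survives a reboot.
STAMP_FILE="${STAMP_FILE:-/tmp/clock-floor.stamp}"

# save_stamp [epoch]: record the current time (or a given epoch) atomically,
# so a power cut during the write cannot leave a half-written file behind.
save_stamp() {
    now="${1:-$(date +%s)}"
    tmp="$STAMP_FILE.tmp.$$"
    printf '%s\n' "$now" > "$tmp" && mv -f "$tmp" "$STAMP_FILE"
}

# read_stamp: print the saved epoch; fail if the file is missing or not all digits.
read_stamp() {
    [ -r "$STAMP_FILE" ] || return 1
    IFS= read -r saved < "$STAMP_FILE" || [ -n "$saved" ] || return 1
    case "$saved" in
        ''|*[!0-9]*) return 1 ;;   # corrupted file: ignore it rather than set a bogus time
    esac
    printf '%s\n' "$saved"
}

# clock_floor <now-epoch>: print the time the clock should have.
# Earlier than the stamp -> the stamp; later (or no usable stamp) -> unchanged.
clock_floor() {
    now="$1"
    if saved=$(read_stamp) && [ "$saved" -gt "$now" ]; then
        printf '%s\n' "$saved"
    else
        printf '%s\n' "$now"
    fi
}

# apply_floor: run once at boot, before the VPN client starts. Needs root.
apply_floor() {
    now=$(date +%s)
    target=$(clock_floor "$now")
    if [ "$target" -gt "$now" ]; then
        date -s "@$target" >/dev/null   # assumption: date accepts @epoch (GNU, BusyBox)
    fi
}
```

The floor only guarantees the clock is no earlier than the last save; NTP still has to correct it once a server is reachable.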