[Openvpn-devel] [PATCH] Handle localized Administrators group name in windows

2016-03-05 Thread Selva Nair
Interactive service allows all configs and options if the user is in "Administrators" group. This patch makes it work even if the admin group is renamed or localized. While at it, also remove two unused variables in validate.c. Thanks to Leonardo Basilio for testing the

Re: [Openvpn-devel] Pushing multiple certificates from server

2016-03-05 Thread ValdikSS
On 03/05/2016 06:27 PM, Gert Doering wrote: > Hi, > > On Sat, Mar 05, 2016 at 12:58:06AM +0300, ValdikSS wrote: > If Connect works, and OpenVPN for Android does not, this hints at > "PolarSSL vs. OpenSSL". > > Or at "we call the crypto library differently"... Yes, PolarSSL build of OpenVPN 2.3

Re: [Openvpn-devel] Pushing multiple certificates from server

2016-03-05 Thread Gert Doering
Hi, On Sat, Mar 05, 2016 at 12:58:06AM +0300, ValdikSS wrote: > Bad news: > > * OpenVPN 2.3 and master can't connect to this server, with both OpenSSL > and PolarSSL backends. Maybe if I supply certificates in correct order, > client would If Connect works, and OpenVPN for Android does not,

Re: [Openvpn-devel] Pushing multiple certificates from server

2016-03-05 Thread ValdikSS
On 03/05/2016 12:58 AM, ValdikSS wrote: > I have good news and bad news: > > Good news: > > * OpenVPN sends all certificates from the server supplied for --server > directive (although with a small bug that a certificate which you have > private key > for must be supplied on the top) > *

[Openvpn-devel] [PATCH] Implement inlining of crl files

2016-03-05 Thread Arne Schwabe
While crl files can change regulary and it is usually not a good idea to statically include them into config files, handling multiple files and updating files on mobile files is tiresome/problematic. Inlining a static version of the crl file is better in these use cases than to use no crl at

Re: [Openvpn-devel] Pushing multiple certificates from server

2016-03-05 Thread ValdikSS
On 03/05/2016 08:24 AM, ValdikSS wrote: > > > On 03/05/2016 04:36 AM, Jan Just Keijser wrote: > > I've signed my new CA's private key (4096 bit) with old CA (1024 bit) and it > became intermediate to my old CA (what you call extending trust), but also > issued > self-signed new CA. I issue

Re: [Openvpn-devel] Pushing multiple certificates from server

2016-03-05 Thread ValdikSS
On 03/05/2016 04:36 AM, Jan Just Keijser wrote: > Hi, > > On 04/03/16 22:58, ValdikSS wrote: > how did you generate the cross-signed CA certs? I've looked around but all > cross-signing either requires you to use the same private key (i.e. bit size) > or > that you extend the trust of one CA

Re: [Openvpn-devel] Pushing multiple certificates from server

2016-03-05 Thread Jan Just Keijser
Hi, On 04/03/16 22:58, ValdikSS wrote: I have good news and bad news: Good news: * OpenVPN sends all certificates from the server supplied for --server directive (although with a small bug that a certificate which you have private key for must be supplied on the top) * OpenVPN