Re: [Openvpn-devel] better handling of revoked certs

2018-01-01 Thread Илья Шипицин
2018-01-01 17:56 GMT+05:00 Antonio Quartulli : > Hi, > > On 01/01/18 20:30, Steffan Karger wrote: > > [CUT] > > > > > Note the '5 seconds' reconnect loop, which is the same as what current > > released openvpn would do in response to an alert. So if we change our > > servers to

Re: [Openvpn-devel] PKCS#11 - a little bit of help?

2018-01-01 Thread Steffan Karger
Hi, On 01-01-18 14:57, Emmanuel Deloget wrote: > I'm trying to get openvpn read my certificates from a TPM2 using a > specially crafted PKCS#11 provider (the existing tpm2-pk11 is quite > limited for now but I might be able to extend it).  > > However, the PKCS#11 API is not something I'm

[Openvpn-devel] PKCS#11 - a little bit of help?

2018-01-01 Thread Emmanuel Deloget
Hello everybody, I'm trying to get openvpn read my certificates from a TPM2 using a specially crafted PKCS#11 provider (the existing tpm2-pk11 is quite limited for now but I might be able to extend it). However, the PKCS#11 API is not something I'm comfortable with, and I'd like to know if there

Re: [Openvpn-devel] better handling of revoked certs

2018-01-01 Thread Steffan Karger
Hi, On 01-01-18 13:56, Antonio Quartulli wrote: > On 01/01/18 20:30, Steffan Karger wrote: > > [CUT] > >> >> Note the '5 seconds' reconnect loop, which is the same as what current >> released openvpn would do in response to an alert. So if we change our >> servers to send alerts, they will

Re: [Openvpn-devel] better handling of revoked certs

2018-01-01 Thread Antonio Quartulli
Hi, On 01/01/18 20:30, Steffan Karger wrote: [CUT] > > Note the '5 seconds' reconnect loop, which is the same as what current > released openvpn would do in response to an alert. So if we change our > servers to send alerts, they will experience quite a bit more load from > clients attempting

Re: [Openvpn-devel] better handling of revoked certs

2018-01-01 Thread Steffan Karger
Hi, This mail thread has been sitting marked-for-follow-up in my mailbox for a while. Finally found some time to test and jot down my thoughts, see below. On 06-10-17 13:23, David Sommerseth wrote: > On 06/10/17 11:52, Илья Шипицин wrote: > [...snip...] >> > >> >     In addition, what