-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 01/04/14 08:30, Michael Post wrote: > The failure was a misadjusted time. The clients has the time 1970, > but the certificate is valid beginning 15. March 2014. > > For my interesting: Can i disable checking time for certs with any > parameter?
This question pops up from time to time. And we've decided to not implement such a feature, if possible (we haven't checked that, just discussed the issues related to it). The reason is that it's not rocket science to synchronise against an NTP server before starting the OpenVPN connection, even if it's just a one-shot synchronising with ntpdate. This has been discussed in our developer meetings in #openvpn-devel and we recognise that in some environments this could be somewhat useful. But we consider the related security aspect around doing this to be far worse than the real usability of such a feature. - -- kind regards, David Sommerseth -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlM6s+oACgkQDC186MBRfrr86QCbBQUkGbVBqoTW7h5SLMShfv1B EsIAn0VCi9cjYnf+c2EmhrDRK2ik37um =LTF1 -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
