Bug #11030
Closed
OpenVPN Client Export shows server certs as clients
Description
If you have an SSL/TLS only remote access OpenVPN server configured, the Client Export tab will show exportable configs for all certificates on the system that have been created against the same CA the server is using. That includes any other server certs, whether or not they are in use.
Those clients can never connect as the server rejects the client cert as invalid purpose.
Only client certs created against the CA the server is using should be shown.
Updated by Steve Wheeler over 4 years ago
Tested in openvpn-client-export 1.4.23_2
Installed in:
2.5.0-DEVELOPMENT (amd64) built on Tue Nov 03 13:01:01 EST 2020 FreeBSD 12.2-STABLE
Updated by Jim Pingle over 4 years ago
- Assignee set to Jim Pingle
Once upon a time it used to work; they must have locked that down at some point.
Back in the day, all certs were "server" certs due to how the old methods created them. We fixed that many, many years ago, though, so there shouldn't be any more of those invalid certs still out there and valid/in-use.
Updated by Viktor Gurov over 4 years ago
Updated by Jim Pingle over 4 years ago
- Status changed from New to Pull Request Review
Updated by Jim Pingle over 4 years ago
- Status changed from Pull Request Review to Feedback
I committed a variation of that instead:
https://github.com/pfsense/FreeBSD-ports/commit/0e72ef35bbb0f9dc370141cb9b5c4b5b77db92e7
Updated by Steve Wheeler over 4 years ago
- Status changed from Feedback to Resolved
Tested pkg version 1.5_1 in:
2.5.0-DEVELOPMENT (amd64) built on Tue Nov 10 13:00:27 EST 2020 FreeBSD 12.2-STABLE
Only client certs are offered for export.
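
Added example (not code from the openvpn-client-export package or from anyone in this thread): a shell sketch of the distinction the report describes, showing that a server-type certificate passes a CA-only check but fails a client-purpose check. The throwaway CA, the file names and the function names are all constructed for the demo, and `openssl verify -purpose sslclient` stands in for the purpose check the OpenVPN server applies.

```shell
#!/bin/sh
# Constructed demo PKI: nothing here comes from a real pfSense system.
PKI=$(mktemp -d)

# Build a throwaway CA and one cert per role. Both end-entity certs chain to
# the same CA; only the extendedKeyUsage (serverAuth vs clientAuth) differs.
build_demo_pki() {
    cat > "$PKI/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = demo-ca
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$PKI/req.cnf" \
        -keyout "$PKI/ca.key" -out "$PKI/ca.crt" 2>/dev/null || return 1
    for role in server client; do
        printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=%sAuth\n' "$role" \
            > "$PKI/$role.ext"
        openssl req -new -newkey rsa:2048 -nodes -config "$PKI/req.cnf" \
            -subj "/CN=demo-$role" -keyout "$PKI/$role.key" \
            -out "$PKI/$role.csr" 2>/dev/null || return 1
        openssl x509 -req -in "$PKI/$role.csr" -days 1 -CA "$PKI/ca.crt" \
            -CAkey "$PKI/ca.key" -CAcreateserial -extfile "$PKI/$role.ext" \
            -out "$PKI/$role.crt" 2>/dev/null || return 1
    done
}

# The too-broad filter: "signed by the server's CA" and nothing else.
chains_to_ca() {
    openssl verify -CAfile "$PKI/ca.crt" "$1" >/dev/null 2>&1
}

# The stricter filter: chains to the CA AND is acceptable as a TLS client.
is_exportable_client_cert() {
    openssl verify -CAfile "$PKI/ca.crt" -purpose sslclient "$1" >/dev/null 2>&1
}

build_demo_pki
for crt in "$PKI/server.crt" "$PKI/client.crt"; do
    if is_exportable_client_cert "$crt"; then
        echo "offer for export: $crt"
    else
        echo "hide (not a client cert): $crt"
    fi
done
```

The same `openssl verify -purpose sslclient` call can be pointed at an exported certificate and its CA to audit which existing certs a server would reject for purpose.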