Project

General

Profile

Actions

Feature #887

closed

Add an option for stricter OpenVPN ssl/tls+user auth checking

Added by Jim Pingle about 11 years ago. Updated about 11 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
OpenVPN
Target version:
Start date:
09/10/2010
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:

Description

Currently, we don't verify that the common name of the certificate matches the username being used for login. This means that if someone has a valid server certificate, they can then use any valid username/password combination to get into the server. This may be good for some scenarios, but in more strict environments it wouldn't be acceptable.

We should add a checkbox on the OpenVPN server configuration for this scenario to allow users to enable the more strict checks.

The auth-user-pass-verify script we have could read this setting and run the test before querying the backend authentication server.

Actions #1

Updated by Jim Pingle about 11 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100
Actions #2

Updated by Chris Buechler about 11 years ago

  • Status changed from Feedback to Resolved
Actions

Also available in: Atom PDF