Feature #887
Status: closed
Add an option for stricter OpenVPN ssl/tls+user auth checking
Start date: 09/10/2010
Due date:
% Done: 100%
Estimated time:
Plus Target Version:
Release Notes:
Description
Currently, we don't verify that the common name of the certificate matches the username being used for login. This means that if someone has a valid server certificate, they can then use any valid username/password combination to get into the server. This may be good for some scenarios, but in more strict environments it wouldn't be acceptable.
We should add a checkbox on the OpenVPN server configuration for this scenario to allow users to enable the more strict checks.
The auth-user-pass-verify script we have could read this setting and run the test before querying the backend authentication server.
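The check proposed in the description, sketched as an added example (this is not the project's own script or the code from the changeset). It assumes the hook runs with `via-env`, where OpenVPN exports `username`, `password` and `common_name`; `STRICT_USER_CN` and `backend_auth` are hypothetical names, and the accounts are constructed sample data.

```shell
#!/bin/sh
# Added example: strict username/CN check for an OpenVPN
# --auth-user-pass-verify hook run with "via-env".
# STRICT_USER_CN and backend_auth are hypothetical names for this sketch.

# Return 0 only when the login name equals the certificate CN exactly.
cn_matches_user() {
    user=$1 cn=$2
    # An empty value on either side must never count as a match.
    [ -n "$user" ] && [ -n "$cn" ] || return 1
    # Plain string comparison: no globbing, no case folding.
    [ "$user" = "$cn" ]
}

# Stand-in for the real backend query (local database, LDAP, RADIUS).
# Constructed accounts: alice/s3cret and bob/hunter2.
backend_auth() {
    case "$1:$2" in
        alice:s3cret|bob:hunter2) return 0 ;;
        *) return 1 ;;
    esac
}

# Decide a login: status 0 accepts, non-zero rejects (OpenVPN's convention).
# The CN test runs first, so a mismatch never reaches the backend.
verify_login() {
    user=$1 pass=$2 cn=$3 strict=${4:-no}
    if [ "$strict" = "yes" ] && ! cn_matches_user "$user" "$cn"; then
        printf 'reject: username "%s" does not match certificate CN "%s"\n' \
            "$user" "$cn" >&2
        return 1
    fi
    backend_auth "$user" "$pass"
}

# As the live hook, the script would end with:
#   verify_login "$username" "$password" "$common_name" "$STRICT_USER_CN"; exit $?
# Constructed demo: bob's valid password presented with alice's certificate.
for strict in no yes; do
    if verify_login bob hunter2 alice "$strict" 2>/dev/null; then
        echo "strict=$strict -> accepted"
    else
        echo "strict=$strict -> rejected"
    fi
done
```

With the strict setting off, the mismatched pair is accepted on the password alone; with it on, the same login is rejected before the backend is queried.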
Updated by Jim Pingle about 14 years ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Applied in changeset 94823361c3216555761ff57463fe91b2a229a090.
Updated by Chris Buechler almost 14 years ago
- Status changed from Feedback to Resolved