Feature #887
closed
Add an option for stricter OpenVPN ssl/tls+user auth checking
Start date: 09/10/2010
% Done: 100%
Description
Currently, we don't verify that the common name of the certificate matches the username being used for login. This means that if someone has a valid server certificate, they can then use any valid username/password combination to get into the server. This may be good for some scenarios, but in more strict environments it wouldn't be acceptable.
We should add a checkbox on the OpenVPN server configuration for this scenario to allow users to enable the more strict checks.
The auth-user-pass-verify script we have could read this setting and run the test before querying the backend authentication server.
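The check proposed above, sketched as an added example that is not pfSense's own script: compare the certificate CN with the login name before any backend query, failing closed on missing values. `username`, `password` and `common_name` are the environment variables OpenVPN passes to an `auth-user-pass-verify ... via-env` script; the function names, the `STRICT_USER_CN` setting name, and the sample credentials are hypothetical.

```shell
#!/bin/sh
# Added example, not pfSense's script. With "auth-user-pass-verify <script> via-env"
# OpenVPN exports $username and $password; $common_name is the CN of the client
# certificate that already passed TLS verification. The strict flag stands in
# for the proposed checkbox (hypothetical name and wiring).

# Return 0 if the login may go on to backend authentication, 1 to reject it.
strict_cn_check() {
    strict=$1; user=$2; cn=$3
    # Strict mode off: current behaviour, any valid certificate plus any valid login.
    [ "$strict" = "1" ] || return 0
    # Fail closed when either value is missing.
    if [ -z "$user" ] || [ -z "$cn" ]; then return 1; fi
    # Exact, case-sensitive match; no prefix or substring matching.
    [ "$user" = "$cn" ]
}

# Stand-in for the real backend query (constructed credentials, demo only).
backend_authenticate() {
    case "$1:$2" in
        alice:alice-pw|bob:bob-pw) return 0 ;;
    esac
    return 1
}

# Hook decision: args are strict flag, username, password, certificate CN.
# The CN test runs first, so a mismatched login never reaches the backend.
verify_login() {
    if ! strict_cn_check "$1" "$2" "$4"; then
        echo "DENY cn-mismatch"
        return 0
    fi
    if backend_authenticate "$2" "$3"; then
        echo "ALLOW"
    else
        echo "DENY bad-credentials"
    fi
}

# Constructed cases. A real hook would call
#   verify_login "$STRICT_USER_CN" "$username" "$password" "$common_name"
# and exit 0 on ALLOW, 1 otherwise.
verify_login 0 bob bob-pw alice       # ALLOW (alice's certificate, bob's login)
verify_login 1 bob bob-pw alice       # DENY cn-mismatch
verify_login 1 alice alice-pw alice   # ALLOW
verify_login 1 alice alice-pw ""      # DENY cn-mismatch
```

Whether the comparison should be case-sensitive is a policy choice that depends on how the backend treats usernames; the exact match here is the strictest option.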