Package: openvpn Version: 2.1~rc11-1 Severity: wishlist
I recently set up OpenVPN between two Lenny systems, using my own existing certificates generated with OpenSSL by hand. When in server mode, OpenVPN will happily use a certificate without "nsCertType = server". No OpenVPN client will accept that certificate. I think that OpenVPN in server mode should check its certificate for that attibute or its GnuTLS equivalent, and display a warning or error if it is missing. Dave -- System Information: Debian Release: 5.0.3 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.26-2-amd64 (SMP w/2 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages openvpn depends on: ii debconf [debconf-2.0] 1.5.24 Debian configuration management sy ii libc6 2.7-18lenny2 GNU C Library: Shared libraries ii liblzo2-2 2.03-1 data compression library ii libpam0g 1.0.1-5+lenny1 Pluggable Authentication Modules l ii libpkcs11-helper1 1.05-1 library that simplifies the intera ii libssl0.9.8 0.9.8g-15+lenny6 SSL shared libraries ii openssl-blacklist 0.4.2 list of blacklisted OpenSSL RSA ke ii openvpn-blacklist 0.3 list of blacklisted OpenVPN RSA sh Versions of packages openvpn recommends: ii net-tools 1.60-22 The NET-3 networking toolkit Versions of packages openvpn suggests: ii openssl 0.9.8g-15+lenny6 Secure Socket Layer (SSL) binary a ii resolvconf 1.42 name server information handler -- debconf information: openvpn/vulnerable_prng: openvpn/create_tun: false -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
