OpenVPN Client Export and verify-x509-name vs tls-remote
-
I updated the OpenVPN Client Export package (now 1.2.1) and changed how the server CN verification works. It should be fairly automatic and self-explanatory but here's a bit of info:
- At the default, it will use verify-x509-name and quote the server CN, since I couldn't find any OpenVPN 2.3 client that rejected the quoted server CN.
- You can force it to use tls-remote, with or without quoting the server CN since some clients break with/without that.
- You can now also choose to disable server CN verification
I hope that clears up any of the recent mess.
-
Missed a file in the last commit, it's 1.2.2 now, should be OK to try.