openvpn-gui icon indicating copy to clipboard operation
openvpn-gui copied to clipboard

Published 20 hours ago verified publisher icon OpenVPN

better handling "missing Client Authentication (1.3.6.1.5.5.7.3.2)"

Open chipitsine opened this issue 8 years ago • 3 comments

I've encontered strange situation. people tried to use client certificates without "Client Authentication (1.3.6.1.5.5.7.3.2)"

it leads to

a) server refuses such cert b) client tries to reconnect (with no luck)

what I suggest is to think about better handling of such situations (either check certificate in openvpn-gui or openvpn itself of better handling such errors, i.e. not to reconnect)

chipitsine avatar Aug 23 '17 10:08 chipitsine

If I recall correctly, the problem is that the GUI does not get fine-grained information from OpenVPN about the reason why a connection failed. Until that is fixed, fixing this particular problem can be tricky. @selvanair can probably elaborate on this topic.

mattock avatar Aug 28 '17 12:08 mattock

I've looked through openvpn source code, as far as I understand, "Client Authentication (1.3.6.1.5.5.7.3.2)" is mandatory extension

if so, we can pre-check it before connection is ever established.

I agree that fine-grain information would be more helpful

chipitsine avatar Aug 28 '17 12:08 chipitsine

This is best discussed in openvpn-devel.

selvanair avatar Jan 24 '18 20:01 selvanair