TinCanTech
TinCanTech
`remove_metadata()` is still unsafe.
All TLS-Crypt-V2 Server Keys should have serial numbers. Going to be a fairly intrusive change ..
Hashing the various index files has been disabled, both during an update of the index and when building Master hash. So far the results seem ok, manual changes are still...
Status: Permanently **disabled** all verify and save functions for all hash files except Master hash.
This is probably completed ..
Better to have a shared (copy/pasted) function to load all external files.
Review this: ``` * Select the level of hardware-address verification required ? +---------------------------------------- | TLS-Auth/Crypt and TLS-Crypt-V2 Server +---------------------------------------- | [0] Low - Allow all keys to connect, hwaddr verification...
First, try to create a _conflicting_ inline file .. 1. Create a TLS-Crypt-v1 client inline file. 2. Create a Server and Client+subkey-name TLS-Crypt-v2 pair. 3. Create an inline file for...
It may be possible to over-ride current behaviour, to allow multiple type of TLS key per X509 client certificate with a switch for `easytls-verify.sh`. The switch would still detect clients...