id summary reporter owner description type status priority milestone component version severity resolution keywords cc 44 More Flexible TLS Verification for plugins derek.ditch "Plugins that implement OPENVPN_PLUGIN_TLS_VERIFY plugin type should be able to access the full X.509 certificate. This could be in addition to the currently provided environment variables. I would like to write/modify a plugin that can verify an X.509 certificate against an LDAP server. The problem is that I must meet the US Federal Government requirements of matching the Common Access Card certificates against the ""NT Principal Name"" attribute, which is under extension ""Subject Alternative Name"". Naturally, I could hack this into the OpenVPN source, but this environment variable wouldn't be useful to anyone outside the US Government. By providing plugin developers the full certificate, they may implement domain specific requirements as needed. Without this ability, I cannot use OpenVPN for my network. " Feature Wish closed major beta 2.3 plug-ins / plug-in API OpenVPN 2.1.0 / 2.1.1 (Community Ed) Not set (select this one, unless your'e a OpenVPN developer) fixed