Changes between Version 5 and Version 6 of SandBox


Timestamp:
10/24/17 21:03:01 (6 years ago)
Author:
tct
Comment:

--

  • SandBox

    v5 v6  
    1 = ''The Sandbox'' =
    2 ''Please feel free to edit, improve and correct.''
    3 
    4 ----
    5 
    6 = OpenVPN 2.4 new Certificate Revocation List method. =
    7 
    8 Processing the Certificate Revocation List (CRL) in OpenVPN 2.4 is now handled by the Crypto Library with which OpenVPN has been built.  This means the list is processed much more rigidly than before.
    9 (Previously, in OpenVPN 2.3, a ''built-in'' check was used).
    10 
    11 Specifically, the Crypto Library (Usually OpenSSL) will check '''all''' fields,  this check includes the `nextUpdate` field and CRLs with an expired `nextUpdate` field are flagged as '''expired''' by OpenSSL (The ''built-in'' check in OpenVPN 2.3 did not check this field).
    12 
    13 In order to fix this, regenerate the CRL with a new `nextUpdate` value.  If you don't want your CRLs
    14 expire put that value far enough into the future.
    15 
    16 Using [https://github.com/OpenVPN/easy-rsa/releases EasyRSA] a new CRL can be generated with `./easyrsa gen-crl`
    17 
    18 Source: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13806.html