certficate filtering
Karl O. Pinc
kop at karlpinc.com
Wed Apr 2 09:50:52 PDT 2025
On Wed, 2 Apr 2025 07:33:10 -0700 (PDT)
Frank Liu <fliu at tiger.openqnx.com> wrote:
> Is it possible to configure ocserv to filter the client certificate?
I don't see that feature, although I'm a user and may not have the
latest version installed.
> eg: only allow the connecting the CN of the client certificate ending
> with mytrusted.domain.com? matching certain regex filtering rules Or
> running a script to further process the certificate based
> authentication, such as what openvpn has:
> https://github.com/OpenVPN/openvpn/blob/master/sample/sample-scripts/verify-cn
What is the use-case for this? Why is specifying a certificate
authority cert to do the client cert validation not enough?
(Just curious.)
Regards,
Karl <kop at karlpinc.com>
Free Software: "You don't pay back, you pay forward."
-- Robert A. Heinlein
More information about the openconnect-devel
mailing list