From f6cc1aad279ba95d70eb3c6a564eb50152cbeb63 Mon Sep 17 00:00:00 2001
From: jim-p <jimp@pfsense.org>
Date: Thu, 1 Jul 2010 09:14:11 -0400
Subject: Disable remote-cert-tls for now in exported configs, it requires that
 the server certificate be built in a different way than we currently support.

---
 config/openvpn-client-export/openvpn-client-export.inc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'config/openvpn-client-export/openvpn-client-export.inc')

diff --git a/config/openvpn-client-export/openvpn-client-export.inc b/config/openvpn-client-export/openvpn-client-export.inc
index 85f18cae..c453b8e2 100755
--- a/config/openvpn-client-export/openvpn-client-export.inc
+++ b/config/openvpn-client-export/openvpn-client-export.inc
@@ -200,7 +200,8 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoke
 	}
 
 	// Prevent MITM attacks by verifying the server certificate.
-	$conf .= "remote-cert-tls server\n";
+	// - Disable for now, it requires the server cert to include special options
+	//$conf .= "remote-cert-tls server\n";
 
 	// add optional settings
 	if ($settings['compression'])
-- 
cgit v1.2.3