openvpn - enable client validation of commonName in server's tls certificate
by default openvpn will validate any server cert it encounters that is signed by the CA.
we could add tls-remote openvpn-gateway
to the client so that it would only validate connections where the server cert had a commonName of "openvpn-gateway".
this protects against an attacker impersonating an openvpn gateway if they obtain a server cert from a different type of service.
so, this is a low priority change, but also easy enough.
the reason this is a platform ticket is that i think ideally to support this well, we should generate the server certificates differently than we do now for openvpn usage.
(from redmine: created on 2012-11-23)
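A check for the client-side setting discussed in this ticket, as an added example that is not part of the original ticket or the project's code: it reports whether a client config pins the server certificate name or relies on CA validation alone. It also recognises verify-x509-name, the directive that replaced tls-remote in later OpenVPN releases. The function names, the sample configs and the host vpn.example.org are constructed for illustration, and pinned names are assumed to be a single token.

```sh
#!/bin/sh
# Added example (not from the ticket): audit an OpenVPN client config for
# server-name pinning. The sample configs below are constructed.

# Print the server certificate name the config pins, or nothing if the client
# accepts any certificate signed by the CA.
ovpn_pinned_name() {
    awk '
        NF == 0 || $1 ~ /^[#;]/ { next }          # skip blanks and comments
        ($1 == "tls-remote" || $1 == "verify-x509-name") && NF >= 2 {
            name = $2; gsub(/"/, "", name)         # drop optional quotes
        }
        END { if (name != "") print name }
    ' "$1"
}

# Return 0 only if the config ($1) pins exactly the expected name ($2).
ovpn_audit() {
    pinned=$(ovpn_pinned_name "$1")
    if [ -z "$pinned" ]; then
        echo "$1: FAIL ca-only, any cert signed by the CA is accepted"; return 1
    elif [ "$pinned" != "$2" ]; then
        echo "$1: FAIL pins \"$pinned\", expected \"$2\""; return 1
    fi
    echo "$1: OK pins \"$pinned\""
}

SAMPLES=$(mktemp -d)
# Constructed client config matching the default described above: CA check only.
cat > "$SAMPLES/default.ovpn" <<'EOF'
client
remote vpn.example.org 1194
ca ca.crt
# tls-remote openvpn-gateway
EOF
# Constructed client config with the directive proposed in the ticket.
cat > "$SAMPLES/pinned.ovpn" <<'EOF'
client
remote vpn.example.org 1194
ca ca.crt
tls-remote openvpn-gateway
EOF

ovpn_audit "$SAMPLES/default.ovpn" openvpn-gateway || true
ovpn_audit "$SAMPLES/pinned.ovpn" openvpn-gateway
```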