Faidon, If you send me a binary build for Windows 32-bit, I'll test it against expired and revoked certs. I presume I don't need a server configured for this test; it should fail client side before attempting to connect?
Jason -----Original Message----- From: Faidon Liambotis [mailto:parav...@debian.org] Sent: Tuesday, 07 October, 2008 15:53 To: Alon Bar-Lev Cc: Jason R. Coombs; openvpn-devel@lists.sourceforge.net Subject: Re: [Openvpn-devel] [PATCH v4] Use CryptoAPI CA store (was Re: [PATCH v3] Use CryptoAPI CA store) Hi, Alon Bar-Lev wrote: > On 9/27/08, Alon Bar-Lev <alon.bar...@gmail.com> wrote: >> I prefer to receive patches... >> Anyway, this is not exactly what I meant. >> Please review latest head. >> I did not test this, but it should be correct now as far as the >> changes are concerned. >> It may not work as the validation process was never tested. > > Any news? Thanks for reviving this. I built it and tried it and seems to work. I didn't test with revoked or expired certificates, however. As for warnings there's just a trivial one: cryptoapi.c:429: warning: passing arg 2 of `d2i_X509' from incompatible pointer type Regards, Faidon
smime.p7s
Description: S/MIME cryptographic signature