Re: [Openvpn-devel] [PATCH v2] Use CryptoAPI to verify certificates

2007-01-04 Thread Faidon Liambotis
Hi,
Thank you for your comments.

Alon Bar-Lev wrote:
> On 1/3/07, Faidon Liambotis wrote:
>> Ok, here's another try, even though I didn't get any comments on the
>> first one :-)
>>
>> This is a totally different approach; the previous one was flawed in at
>> least two aspects:
> 
> This is better.
> But you should use CertVerifyCertificateChainPolicy in order to verify
> the chain; you should have two policies, one for server and one for
> client...
I've thought about it but didn't implement it because the only policy I
could think of was the nsCertType check, which is already being done
by OpenSSL if the user requested it.

> I think you can remove the global variable you added to ssl.c and put
> it in the session.
True, I will fix this.

Regards,
Faidon

Re: [Openvpn-devel] [PATCH v2] Use CryptoAPI to verify certificates

2007-01-03 Thread Alon Bar-Lev

On 1/3/07, Faidon Liambotis wrote:
> Ok, here's another try, even though I didn't get any comments on the
> first one :-)
>
> This is a totally different approach; the previous one was flawed in at
> least two aspects:

This is better.
But you should use CertVerifyCertificateChainPolicy in order to verify
the chain; you should have two policies, one for server and one for
client...

I think you can remove the global variable you added to ssl.c and put
it in the session.

Another thing... I think the MinGW-specific code should be dropped. I
know it was in the previous source... But there should be no problem
in creating one code which runs on both.

Best Regards,
Alon Bar-Lev.