Hello, I cleaned it up a little but still things should be done:
1. Add initialize code and load all entry points for this module at one place, single LoadLibrary etc... 2. Add cleanup code to unload all static module resources. 3. Check SSL role by OpenSSL configuration (client or server), see TODO signature. 4. Cleanup warnings. Available at [1], I did not check it as I don't have active Windows configuration now. Can you please complete it? Alon. [1] http://svn.openvpn.net/projects/openvpn/contrib/alon/BETA21-ms-chk-2/openvpn On 9/24/08, Jason R. Coombs <jar...@jaraco.com> wrote: > I'd really like to see this feature in a future build. > > Is there anything more that needs to be done to integrate this into 2.1? > I can help with code cleanup/refactoring. I don't have a development > environment set up, though, so I'd be working blind. > > Cheers, > Jason > > On 9/23/07, Faidon Liambotis Wrote: > Alon Bar-Lev wrote: > > On 9/22/07, Faidon Liambotis <paravoid@xxxxxxxxxx> wrote: > >> Alon Bar-Lev wrote: > >>> So you need to use CertVerifyCertificateChainPolicy() with > CERT_CHAIN_POLICY_SSL > >> I'm no Microsoft developer (adn I don't want to be to be honest) but > if > >> I understand it right, it's better to call CertGetCertificateChain() > as > >> I am doing. > > > > You need to use both, one for create the chain and the other to verify > > that it meets with system CTL for SSL. > Seems that you are right. Below you will find -v4 of the patch that does > that. > > Also, my previous version didn't actually check for revocations, > contrary to what I documented. > I added CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT to the dwFlags of > CertGetCertificateChain. > > Let me know what you think. > > Thanks, > Faidon > > > ------------------------------------------------------------------------- > This SF.Net email is sponsored by the Moblin Your Move Developer's challenge > Build the coolest Linux based applications with Moblin SDK & win great prizes > Grand prize is a trip for two to an Open Source event anywhere in the world > http://moblin-contest.org/redirect.php?banner_id=100&url=/ > _______________________________________________ > Openvpn-devel mailing list > Openvpn-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/openvpn-devel >
