Re: [Openvpn-devel] [PATCH] Implement Windows CA template match for Crypto-API selector

2021-06-08 Thread Selva Nair
Hi, Oh, it seems I replied to the stale thread (version 1). As Gert mentioned, please include a version tag and use --in-reply-to to keep it threaded in the next iteration. Some additional comments below. On Fri, Jun 4, 2021 at 10:41 AM Heiko Wundram wrote: > > The certificate selection proces

Re: [Openvpn-devel] [PATCH] Implement Windows CA template match for Crypto-API selector

2021-06-08 Thread Selva Nair
Hi, > > > > +static const CRYPT_OID_INFO * > > > +find_oid(DWORD keytype, const void *key, DWORD groupid, bool > > > +fallback) { > > > +const CRYPT_OID_INFO *info = NULL; > > > + > > > +/* force resolve from local as first step */ > > > +if (groupid != CRYPT_HASH_ALG_OID_GROUP_ID && >

Re: [Openvpn-devel] [PATCH] Implement Windows CA template match for Crypto-API selector

2021-06-07 Thread Gehrkens . IT GmbH | Heiko Wundram
Hey, > Just for completeness - I assume that this is a v2 of the patch, and "something was changed". Since we're all very lazy^Wbusy people, it would be good to include a list of v2 changes in the commit message, like this: sorry for that, too; I added the corresponding info to the amende

Re: [Openvpn-devel] [PATCH] Implement Windows CA template match for Crypto-API selector

2021-06-07 Thread Gert Doering
Hi, On Fri, Jun 04, 2021 at 04:31:25PM +0200, Heiko Wundram wrote: > The certificate selection process for the Crypto API certificates is currently fixed to match on subject or identifier. Especially if certificates that are used for OpenVPN are managed by a Windows CA, [..] Just for complete

[Openvpn-devel] [PATCH] Implement Windows CA template match for Crypto-API selector

2021-06-04 Thread Heiko Wundram
The certificate selection process for the Crypto API certificates is currently fixed to match on subject or identifier. Especially if certificates that are used for OpenVPN are managed by a Windows CA, it is appropriate to select the certificate to use by the template that it is generated from, esp

Re: [Openvpn-devel] [PATCH] Implement Windows CA template match for Crypto-API selector

2021-05-26 Thread Gehrkens . IT GmbH | Heiko Wundram
Hello Selva, I'll send an updated patch wrt. some of your notes, for now just a quick reply to some of them: > I'm not convinced of the utility of this. It could be marginally useful in some setups where all users are tied to a domain and choosing any certificate that matches a template i

Re: [Openvpn-devel] [PATCH] Implement Windows CA template match for Crypto-API selector

2021-05-25 Thread Selva Nair
Hi, I'm not convinced of the utility of this. It could be marginally useful in some setups where all users are tied to a domain and choosing any certificate that matches a template is appropriate. I don't have a setup to test this. Here are some general comments anyway. On Tue, May 25, 2021 at 5

[Openvpn-devel] [PATCH] Implement Windows CA template match for Crypto-API selector

2021-05-25 Thread Heiko Wundram
The certificate selection process for the Crypto API certificates is currently fixed to match on subject or identifier. Especially if certificates that are used for OpenVPN are managed by a Windows CA, it is appropriate to select the certificate to use by the template that it is generated from, esp