> -Original Message-
> From: Alon Bar-Lev [mailto:alon.bar...@gmail.com]
> Sent: Sunday, October 19, 2008 4:40 PM
> To: Dave
> Cc: openvpn devel
> Subject: Re: [Openvpn-devel] [MSCAPI] Need testers
>
>
> The CRL that is used is of the CDP of the certificate where
&
The CRL that is used is of the CDP of the certificate where the
extension is specified. This also enables the CA to produce several
smaller CRLs, and attach each part to different set of certificates.
You can read [1] for more.
I don't know what you exactly do in your testing. I suggest you
insta
...
>
> > * The CRL is pulled from the CDP in the CA certificate
> (i.e. not the
> > end entity certs)
>
> Not true.
> Each certificate is validated against the CRL referred via
> its own CDP extension. If there is CDP on root CA it can suicide.
...
Certainly not the case in my test. I cr
the certs signed with the original CA cert will
> still be valid with respect to the newly created (and modified) CA cert.
Thanks!
>
>
> -Dave
>
>
>
> > -Original Message-
> > From: Dave [mailto:d...@ziggurat29.com]
>
> > Sent: Saturday, October 18,
be valid with respect to the newly created (and modified) CA cert.
-Dave
> -Original Message-
> From: Dave [mailto:d...@ziggurat29.com]
> Sent: Saturday, October 18, 2008 6:08 PM
> To: 'Alon Bar-Lev'
> Cc: 'openvpn devel'
> Subject: Re: [Openvpn-deve
gt; > of the CRL
> > > > act like nothing is revoked, or add some
> options/parameters, maybe
> > > > like:
> > > >
> > > > cryptoapi-chain-validation require-crl-present
> > > >
> > > > I'd still like t
t; -Dave
>
> > -Original Message-
> > From: Alon Bar-Lev [mailto:alon.bar...@gmail.com]
>
> > Sent: Saturday, October 18, 2008 4:19 PM
> > To: Dave
> > Cc: openvpn devel
> > Subject: Re: [Openvpn-devel] [MSCAPI] Need testers
> >
> >
>
r Windows build/test environment. This is what I do for my
five-or-so different build environments.
-Dave
> -Original Message-
> From: Alon Bar-Lev [mailto:alon.bar...@gmail.com]
> Sent: Saturday, October 18, 2008 4:19 PM
> To: Dave
> Cc: openvpn devel
> Subject: Re:
l CAPI built-in OCSP/CRL checking
>
>
> -Dave
>
> > -Original Message-
> > From: Alon Bar-Lev [mailto:alon.bar...@gmail.com]
>
> > Sent: Saturday, October 18, 2008 3:29 PM
> > To: Dave
> > Cc: openvpn devel
> > Subject: Re: [Openvpn-d
OCSP/CRL checking
-Dave
> -Original Message-
> From: Alon Bar-Lev [mailto:alon.bar...@gmail.com]
> Sent: Saturday, October 18, 2008 3:29 PM
> To: Dave
> Cc: openvpn devel
> Subject: Re: [Openvpn-devel] [MSCAPI] Need testers
>
>
> Oh!
> Thanks
> I
t; Cc: 'openvpn devel'
> > Subject: RE: [Openvpn-devel] [MSCAPI] Need testers
> >
> >
> > Alas, the same.
> >
> > > -Original Message-
> > > From: Alon Bar-Lev [mailto:alon.bar...@gmail.com]
> > > Sent: Saturday, O
> as having had happened at the same location.
>
>
> -Dave
>
> > -Original Message-
> > From: Alon Bar-Lev [mailto:alon.bar...@gmail.com]
>
> > Sent: Saturday, October 18, 2008 1:51 PM
> > To: Dave
> > Cc: openvpn devel
> > Subjec
to:alon.bar...@gmail.com]
> Sent: Saturday, October 18, 2008 1:51 PM
> To: Dave
> Cc: openvpn devel
> Subject: Re: [Openvpn-devel] [MSCAPI] Need testers
>
>
> I cannot see what is wrong, what exactly crashes? Do you have
> an entry in event log?, I recompiled everything at [
---
> > From: Alon Bar-Lev [mailto:alon.bar...@gmail.com]
>
> > Sent: Saturday, October 18, 2008 1:01 PM
> > To: Dave
> > Cc: openvpn devel
>
> > Subject: Re: [Openvpn-devel] [MSCAPI] Need testers
> >
> >
>
> > Thank you for testing!
> >
Thank you for testing!
Found the problem... CryptoAPI cannot validate root certificate... OK,
can you please test [1]?
I also renamed the option from cryptoapica to
cryptoapi-chain-validation, I think it is clearer.
Thanks!
Alon.
[1] http://alon.barlev.googlepages.com/openvpn-mscapi-test-5.tar.
ould be great if the 'CRL distribution point' and 'Authority Info
> Access' 'OCSP' certificate extensions were used, but that's another
> projectlette in itself, no?
>
>
> -Dave
>
>
> > -Original Message-----
> > From:
From: Alon Bar-Lev [mailto:alon.bar...@gmail.com]
> Sent: Sunday, October 12, 2008 1:07 AM
> To: Dave
> Cc: openvpn devel; Peter 'Luna' Runestig
> Subject: Re: [Openvpn-devel] [MSCAPI] Need testers
>
>
> Thank you dave!
>
> Let's divide this into two th
Thank you dave!
Let's divide this into two threads.
1. I've cleanup the OpenSSL integration, this should not change
existing behavior... All you need to verify that OpenVPN continue to
work while using private key from CAPI store.
2. Add the CAPI certificate validation.
>From what I understand,
...
> ...
> > As part of modification of the mscapi (cryptoapi.c) file, I
> > try to cleanup the openssl usage. I don't have Windows
> > environment to test.
> >
> > I will be glad if users of this feature help me testing this.
...
> ...
> Sure, I could do it now but what are the test cases we ar
...
> As part of modification of the mscapi (cryptoapi.c) file, I
> try to cleanup the openssl usage. I don't have Windows
> environment to test.
>
> I will be glad if users of this feature help me testing this.
>
> Sources are located at [1], binaries at [2].
>
> No change in functionality sh
20 matches
Mail list logo
