I cannot see what is wrong, what exactly crashes? Do you have an entry in event log?, I recompiled everything at [1], I may had a problem with the libraries. Can you please test only with cryptoapicert and see if it changes something?
Thanks! [1] http://alon.barlev.googlepages.com/openvpn-mscapi-test-6.tar.bz2 On 10/18/08, Dave <d...@ziggurat29.com> wrote: > A little bit further, though now it crashes for me using all the binaries > you included in your bz file. Log attached herewith in case that helps > locate the area affected. > > > -Dave > > > -----Original Message----- > > From: Alon Bar-Lev [mailto:alon.bar...@gmail.com] > > > Sent: Saturday, October 18, 2008 1:01 PM > > To: Dave > > Cc: openvpn devel > > > Subject: Re: [Openvpn-devel] [MSCAPI] Need testers > > > > > > > Thank you for testing! > > > > Found the problem... CryptoAPI cannot validate root > > certificate... OK, can you please test [1]? > > > > I also renamed the option from cryptoapica to > > cryptoapi-chain-validation, I think it is clearer. > > > > Thanks! > > Alon. > > > > [1] http://alon.barlev.googlepages.com/openvpn-mscapi-test-5.tar.bz2 > > > > On 10/18/08, Dave <d...@ziggurat29.com> wrote: > > > attached herewith is the log of the (failed) attempt(s) to connect. > > > > > > Certs are all OK as far as I can tell (no red X overlaid). > > > > > > This CA cert I created some years back with easy-RSA. > > These days I > > > now manage my CA with XCA off a USB key, but I imported > > that CA cert > > > rather than rebuilding the PKI. > > > > > > Your CRL/OCSP suggestion is interesting, though of course that's > > > Windows only (my servers are all Linux). Actually I was > > hoping for > > > an extension of the OCSP patch that was submitted about a > > year ago, > > > but maybe that is a task for me to do! Then it would be general > > > across Windows/Linux. I have not used the extensions > > before, and I > > > would love it if you had an example cert with the CDP or OCSP > > > extensions filled out so I can use that as a reference to proper > > > form. My OCSP responder also runs on Linux, rather than Windows. > > > > > > > > > -Dave > > > > > > ... > > > > > > > Thank you for your tests! > > > > > > > > Your configuration is correct. > > > > > > > > Can you please double click the certificate at the MMC, > > and > see > > > if it marked "OK"? If there is an error then there is > probably > > > something wrong with CA location or CRL fetch. > > > > > How did you enroll your certificate? If you did this via > > > > microsoft CA, you have CDP (CRL distribution point) X.509 > > > > extension that is used by Windows to automatically fetch your > > > > CRL. If you got OCSP responder which is integrated with CAPI > > > > on your machine it will also work in this configuration. > > > > > > > > I added some more debugging information. > > > > Please run the new version [1] with verb 255. > > > > Thanks! > > > > > > ... > > > > > > > > > > > -------------------------------------------------------------- > > ----------- > > This SF.Net email is sponsored by the Moblin Your Move > > Developer's challenge Build the coolest Linux based > > applications with Moblin SDK & win great prizes Grand prize > > is a trip for two to an Open Source event anywhere in the > > world http://moblin-contest.org/redirect.php?banner_id=100&url=/ > > _______________________________________________ > > Openvpn-devel mailing list > > Openvpn-devel@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/openvpn-devel > > > >
