Hi Selva, Thanks for doing the tests!
Hi, On Wed, Apr 20, 2016 at 2:51 AM, Samuli Seppänen <sam...@openvpn.net <mailto:sam...@openvpn.net>> wrote: Hi, So far the new driver (tap6-dual-sha1-sha2ev) looks promising: it works on 64-bit Vista, 7 and 10: <https://community.openvpn.net/openvpn/wiki/TapWindows6CodesignTests> Selva: can you try this new driver on your Vista 32-bit and Windows Server 2008? If you still have not updated them then please don't: it's probably best to test again systems which are more likely to cause issues. To add to what's already confirmed, the new driver works for me too on Windows 10 and window 7 (both 64bit) -- no problems with installation or use; same as the earlier sha2-only version.
Great! I added all of your results to the Wiki page.
The behaviour on vista 32 (still not updated) is somewhat strange -- both the -sha2 and -sha1-sha2 now installs without any warning after the first forced installation --- i.e., install ignoring a stern warning, remove, and then install again and the second time onwards there are no warnings. I did not select the "trust this publisher" button or anything, but it behaves as if. Anyway, dual signatures appear to be fine even with this out-of-date vista machine though it may be seeing only the first signature: file properties shows only one digest -- sha2 on the first version and sha1 on the second one.
Ok, if Vista can only see one signature then making SHA1 the primary one made perfect sense. Interestingly the capability to add multiple signatures/timestamps to a file has appeared relatively recently: signtool.exe bundled with WinDDK 7600.* does not support it.. Windows Kit 10 (successor to WinDDK I presume) does have multiple signature support.
Updating the vista machine is probably not going to happen -- too many failures trying to do so and considering this was booted into vista first time in 2 years, it looks like a lost battle.
Yeah, don't worry about it. I think the driver has proven itself to the degree it can without actually being tested in the wild.
-- Samuli Seppänen Community Manager OpenVPN Technologies, Inc irc freenode net: mattock
