> On Wed, Sep 7, 2016 at 8:03 PM, Samuli Seppänen <sam...@openvpn.net > <mailto:sam...@openvpn.net>> wrote: > > > The SHA1 signature is/was needed to support Windows Vista. It was > created using a normal (non-EV) kernel-mode Authenticode certificate. > > > As far as I'm aware, a fully patched WinXP box fully supports SHA2 - so > you shouldn't have any issues with Vista+?
This Windows XP installer is signed with the new SHA2 code-signing certificate: <http://build.openvpn.net/downloads/snapshots/openvpn-install-2.3.12-I001-winxp-sha2-test-i686.exe> If a fully-patched Windows XP understands SHA2 Authenticode signatures then it should not show "Unknown publisher" in "File properties" dialog for the installer, executables or libraries. The tap-windows driver is still signed with the old key, so that cannot be used to validate the signature. Does anyone have a fully-patched Windows XP system to test the above installer on? -- Samuli Seppänen Community Manager OpenVPN Technologies, Inc irc freenode net: mattock [*] This may not be exactly true, because even Windows 7 can show "Unknown publisher" here, even if the signature is perfectly valid. ------------------------------------------------------------------------------ _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
