[Vpn-help] Chain verification on server certificate?

[Matthew Grooms]

Tai-hwa Liang wrote:
> On Fri, 20 Apr 2007, Matthew Grooms wrote:
> 
>   Understood.  Will try to give 2.0 branch a try. Hope that will fix
> the .vpn importing bug I observed in 1.1.0.
> 

Thanks. If you do see a problem, please submit a bug report for this so 
I can look into the issue.

>> There may be some issues with the certificate verification code that will
>> require some modifications to support this. I think there is still
>> enough time to get these fixes into the 2.0 final release.
>>
>> Unfortunately, I don't have a setup like this so I will need someone to
>> verify that the changes I make will fix the issue you identified. Would
>> you be willing to test some private beta builds?
> 
>   Sure.  Feel free to point me the downloading URL. :)
> 

I will do so. Please be patient with me as I am in the midst of trying 
to roll out the beta 2 release. It may be a few day until I can address 
this issue and get a build out for testing.

>> Thanks for the feedback,
> 
>   Out of curiosity, is that any plan to support Windows built cert/key
> store in the upcoming release such that users don't have to keep
> duplicated key/cert(for example, people who use Windows XP builtin 
> EAP-TLS already have to import their own key/cert into Windows cert/key
> database) in different places and possibily to utilise off-line storages
> such like smart cards?
> 

This has been mentioned before. I may attempt to implement this in the 
future but the current priorities are ...

1) Update the user documentation
2) Get the 2.0 product shipped
3) Fix the client to play nice with other installed clients
4) Get the 2.x drivers certified with MS
5) Finish off the initial BSD and Linux ports

... after which I will look at other features to include.

Thanks,

-Matthew