Re: [openssl-dev] Windows system cert store

2017-07-14 Thread Dr. Stephen Henson
On Thu, Jul 13, 2017, Matthew Stickney wrote: > > You may have been looking at a different version of IE than what I've > got on my Windows 7 VM, but at least here IE doesn't allow you to set > certificate purposes: it has a dialog that looks just like that (under > the "Advanced" button in the

Re: [openssl-dev] Windows system cert store

2017-07-13 Thread Matthew Stickney
I should have read the previous post more carefully: CertGetEnhancedKeyUsage() is definitely the function for returning the certificate usages reported by the system store manager (either the ones set in the cert itself, the ones in the "extended property" that can be set at will, or the effective

Re: [openssl-dev] Windows system cert store

2017-07-12 Thread Matthew Stickney
On Wed, Jul 12, 2017 at 8:48 AM, Dr. Stephen Henson wrote: > Yes they're external properties. The certificate encoding returned can't be > modified of course because that would break the signature. That's a good point (I'm a little embarassed to have missed that). > I think

Re: [openssl-dev] Windows system cert store

2017-07-12 Thread Dr. Stephen Henson
On Sun, Jul 09, 2017, Matthew Stickney wrote: > The Certificate Manager in Windows does allow you to change the trust > settings for root certs (including the purposes reported by openssl > x509 -purpose), although those changes don't appear to be reflected in > the cert dumped from the store (so

Re: [openssl-dev] Windows system cert store

2017-07-09 Thread Matthew Stickney
The Certificate Manager in Windows does allow you to change the trust settings for root certs (including the purposes reported by openssl x509 -purpose), although those changes don't appear to be reflected in the cert dumped from the store (so they must be stored externally). I think the original

Re: [openssl-dev] Windows system cert store

2017-07-09 Thread Kurt Roeckx
On Sun, Jul 09, 2017 at 09:15:32AM +0200, Richard Levitte wrote: > In message >

Re: [openssl-dev] Windows system cert store

2017-07-09 Thread Brad House via openssl-dev
On 7/8/17 11:22 PM, Matthew Stickney wrote: Back in 2010, there was some discussion on this list of adding code to load certificates from the system cert store on Windows by default, since the default verification paths typically don't point to anything (this was ticket #2158, which was

Re: [openssl-dev] Windows system cert store

2017-07-09 Thread Alok Sharma
Ljkikh9 On 09-Jul-2017 12:45 PM, "Richard Levitte" wrote: In message

Re: [openssl-dev] Windows system cert store

2017-07-09 Thread Richard Levitte
In message