On Tue, Oct 08, 2013, Perrow, Graeme wrote: > Thanks for your response. I did not know this functionality was in OpenSSL, > so this may make my work much easier. I have two further questions: > > 1. Is there any documentation anywhere on this engine? All I've found is a > few previous postings on this mailing list and a few others on how to > configure the openssl utility to use it but not 3rd party applications. > > 2. If I'm building OpenSSL as a shared object (using the OpenSSL FIPS > module), the ENGINE_load_capi function does not exist in either libeay32.lib > or ssleay32.lib. I'm guessing it's in capi.dll but I have no idea how to load > and use it through that interface. >
The CAPI engine doesn't support verification through a Windows certifcate store. There are some debugging options which can dump a whole Windows store to a file which might be of some use, though you can do the same with the Windows certificate wizards. If that's of interest let me know. A problem with using the Windows stores is which certificates to actually use. The stores contain root CAs which should be used only for verification of servers, clients, email and some other pruposes too. I never found out a way using Windows APIs to extract this information. If someone knows how I'd appreciate some pointers. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
