On Tue, Oct 08, 2013, Perrow, Graeme wrote:

> Thanks for your response. I did not know this functionality was in OpenSSL, 
> so this may make my work much easier. I have two further questions:
> 
> 1. Is there any documentation anywhere on this engine? All I've found is a 
> few previous postings on this mailing list and a few others on how to 
> configure the openssl utility to use it but not 3rd party applications.
> 
> 2. If I'm building OpenSSL as a shared object (using the OpenSSL FIPS 
> module), the ENGINE_load_capi function does not exist in either libeay32.lib 
> or ssleay32.lib. I'm guessing it's in capi.dll but I have no idea how to load 
> and use it through that interface.
> 

The CAPI engine doesn't support verification through a Windows certificate
store. There are some debugging options which can dump a whole Windows
store to a file which might be of some use, though you can do the same with
the Windows certificate wizards. If that's of interest let me know.

A problem with using the Windows stores is which certificates to actually use.
The stores contain root CAs which should be used only for verification of
servers, clients, email and some other purposes too. I never found out a way
using Windows APIs to extract this information. If someone knows how I'd
appreciate some pointers.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
