On 10/9/13 10:20 AM, Dr. Stephen Henson wrote:
The CAPI engine doesn't support verification through a Windows certifcate
store. There are some debugging options which can dump a whole Windows
store to a file which might be of some use, though you can do the same with
the Windows certificate wizards. If that's of interest let me know.

A problem with using the Windows stores is which certificates to actually use.
The stores contain root CAs which should be used only for verification of
servers, clients, email and some other pruposes too. I never found out a way
using Windows APIs to extract this information. If someone knows how I'd
appreciate some pointers.

I was researching that a while back and came across this discussion chain:
http://www.mail-archive.com/openssl-dev@openssl.org/msg26958.html

It appears an RT ticket with patch was filed here:
http://rt.openssl.org/Ticket/Display.html?id=2158

I believe it contains the info you're looking for.

-Brad
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to