On Wed, Oct 09, 2013, Frank Gross wrote:
> To use Windows keystore in openssl, I did following:
>
> At application startup, I use the windows API to get all trusted
> certificates from Key store. Then for each of them, I create the
> openssl X509 one via d2i_X509() and register it into the openssl
> store via X509_STORE_add_cert().
>
> Sample to create a Windows Certificate to a openssl X509 one :
>
> X509* CryptoCreateX509Certificate(PCCERT_CONTEXT cert) {
> X509* myX509=NULL;
> unsigned char* buffer=cert->pbCertEncoded;
> int len=cert->cbCertEncoded;
> if (cert->dwCertEncodingType&X509_ASN_ENCODING) {
> myX509=d2i_X509(NULL,&buffer,len);
> }
>
Before I get flooded with suggestions.. I know how to get a Windows
certificate into an X509 structure: I wrote the CAPI engine code that does it.
What I don't know (and which no thread I've read helps with) is how to
retrieve the trust settings which are rather important if you want to handle
this properly. By that I mean the list of checkboxes marked "certificate
purposes" which appear if you click on "advanced" in the certificates dialog
box.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
