On 10/9/13 12:14 PM, Dr. Stephen Henson wrote:
> Before I get flooded with suggestions.. I know how to get a Windows
> certificate into an X509 structure: I wrote the CAPI engine code that does it.
> What I don't know (and which no thread I've read helps with) is how to
> retrieve the trust settings which are rather important if you want to handle
> this properly. By that I mean the list of checkboxes marked "certificate
> purposes" which appear if you click on "advanced" in the certificates dialog
> box.

I think you should be using CertGetCertificateContextProperty with a propid of
CERT_CTL_USAGE_PROP_ID (or is it CERT_ENHKEY_USAGE_PROP_ID? ... seems like
these might be aliased as I think both have a value of 9):
http://msdn.microsoft.com/en-us/library/aa376079%28v=vs.85%29.aspx
The returned data is ASN.1 encoded so you might have to decode it before
you can use the OIDs returned.
Here's a PowerShell example which does a DLLImport call to that function
which might be useful:
http://en-us.sysadmins.lv/Lists/Posts/Post.aspx?List=332991f0-bfed-4143-9eea-f521167d287c&ID=69
The program output from their example appears to show the settings you
are after, so I think this is a good starting point.
-Brad
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
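
Added example (not part of the original message, and not OpenSSL or CAPI engine code): a portable C sketch of the decoding step the reply mentions, turning the ASN.1-encoded property data into dotted OID strings. It assumes the blob is a DER SEQUENCE OF OBJECT IDENTIFIER no longer than 255 bytes; decode_usage, oid_text, der_len and SAMPLE are hypothetical names, and the sample bytes are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample blob: SEQUENCE { 1.3.6.1.5.5.7.3.1, 1.3.6.1.4.1.311.10.3.4 } */
static const unsigned char SAMPLE[] = { 0x30, 0x16,
    0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01,
    0x06, 0x0A, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x0A, 0x03, 0x04 };

/* Length octets at p[*i]: short form or one-octet long form (0x81 nn); -1 otherwise. */
static long der_len(const unsigned char *p, size_t n, size_t *i) {
    long v = *i < n ? p[(*i)++] : -1;
    if (v < 0x80) return v;                         /* short form, or -1 if truncated */
    return (v == 0x81 && *i < n) ? p[(*i)++] : -1;  /* assumption: blob <= 255 bytes */
}

/* OID content octets -> dotted text; 0 on success, -1 if malformed or too long. */
static int oid_text(const unsigned char *p, size_t n, char *out, size_t cap) {
    size_t used = 0;
    unsigned long arc = 0;
    if (n == 0 || (p[n - 1] & 0x80)) return -1;     /* last arc must terminate */
    for (size_t i = 0; i < n; i++) {
        if (arc >> (sizeof arc * 8 - 7)) return -1; /* next shift would overflow */
        arc = (arc << 7) | (p[i] & 0x7f);
        if (p[i] & 0x80) continue;                  /* more octets in this arc */
        unsigned long x = arc < 80 ? arc / 40 : 2;  /* first value packs two arcs */
        int w = used ? snprintf(out + used, cap - used, ".%lu", arc)
                     : snprintf(out, cap, "%lu.%lu", x, arc - x * 40);
        if (w < 0 || (size_t)w >= cap - used) return -1;
        used += (size_t)w;
        arc = 0;
    }
    return 0;
}

/* Decode SEQUENCE OF OBJECT IDENTIFIER into oids[]; returns the OID count,
 * or -1 on a wrong tag, a length mismatch, or more than max entries. */
int decode_usage(const unsigned char *der, size_t n, char oids[][64], int max) {
    size_t i = 1;
    long len = (n >= 2 && der[0] == 0x30) ? der_len(der, n, &i) : -1;
    if (len < 0 || (size_t)len != n - i) return -1; /* reject trailing or missing bytes */
    int count = 0;
    for (; i < n; count++) {
        long ol = (der[i++] == 0x06 && count < max) ? der_len(der, n, &i) : -1;
        if (ol < 0 || (size_t)ol > n - i) return -1;
        if (oid_text(der + i, (size_t)ol, oids[count], 64)) return -1;
        i += (size_t)ol;
    }
    return count;
}
```

Every failure returns -1 rather than a partial list, so a caller that maps the result onto trust settings never acts on a half-parsed blob.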