On Wed, Oct 09, 2013, Brad House wrote:

> On 10/9/13 12:14 PM, Dr. Stephen Henson wrote:
> >Before I get flooded with suggestions.. I know how to get a Windows
> >certificate into an X509 structure: I wrote the CAPI engine code that does 
> >it.
> >
> >What I don't know (and which no thread I've read helps with) is how to
> >retrieve the trust settings which are rather important if you want to handle
> >this properly. By that I mean the list of checkboxes marked "certificate
> >purposes" which appear if you click on "advanced" in the certificates dialog
> >box.
> 
> 
> I think you should be using CertGetCertificateContextProperty  with a propid 
> of
> CERT_CTL_USAGE_PROP_ID (or is it CERT_ENHKEY_USAGE_PROP_ID? ... seems like
> these might be aliased as I think both have a value of 9):
> http://msdn.microsoft.com/en-us/library/aa376079%28v=vs.85%29.aspx
> 
> The returned data is ASN.1 encoded so you might have to decode it before
> you can use the OIDs returned.
> 

Thanks for the link. That is *VERY* interesting and I'll be looking into it as
soon and my (alas rather hectic) schedule permits.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to