On Wed, Oct 09, 2013, Brad House wrote: > On 10/9/13 12:14 PM, Dr. Stephen Henson wrote: > >Before I get flooded with suggestions.. I know how to get a Windows > >certificate into an X509 structure: I wrote the CAPI engine code that does > >it. > > > >What I don't know (and which no thread I've read helps with) is how to > >retrieve the trust settings which are rather important if you want to handle > >this properly. By that I mean the list of checkboxes marked "certificate > >purposes" which appear if you click on "advanced" in the certificates dialog > >box. > > > I think you should be using CertGetCertificateContextProperty with a propid > of > CERT_CTL_USAGE_PROP_ID (or is it CERT_ENHKEY_USAGE_PROP_ID? ... seems like > these might be aliased as I think both have a value of 9): > http://msdn.microsoft.com/en-us/library/aa376079%28v=vs.85%29.aspx > > The returned data is ASN.1 encoded so you might have to decode it before > you can use the OIDs returned. >
Thanks for the link. That is *VERY* interesting and I'll be looking into it as soon and my (alas rather hectic) schedule permits. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org