On Sat, Nov 09, 2013, Christian Heimes wrote:

> Am 10.10.2013 13:58, schrieb Dr. Stephen Henson:
> >> I think you should be using CertGetCertificateContextProperty  with a 
> >> propid of
> >> CERT_CTL_USAGE_PROP_ID (or is it CERT_ENHKEY_USAGE_PROP_ID? ... seems like
> >> these might be aliased as I think both have a value of 9):
> >> http://msdn.microsoft.com/en-us/library/aa376079%28v=vs.85%29.aspx
> >>
> >> The returned data is ASN.1 encoded so you might have to decode it before
> >> you can use the OIDs returned.
> >>
> > 
> > Thanks for the link. That is *VERY* interesting and I'll be looking into it 
> > as
> > soon and my (alas rather hectic) schedule permits.
> 
> It's even easier to get the enhanced key usage for a certificate in
> Windows' cert store. CertGetEnhancedKeyUsage() returns a
> CERT_ENHKEY_USAGE struct with the EKU OIDs as char*, e.g.
> 1.3.6.1.5.5.7.3.1. The flag controls if the functions returns the EKU
> OIDs from the properties (certmgr.msc settings) or X509v3 extension. I
> have some C as well as some Python+ctypes code here.
> 

I've finally had a chance to check out some of these suggested methods of
retrieving the trust settings. 

Everything I've tried so far just returns a copy of the certificate's extended
key usage extension in various forms. This is useless and I can get that from
the certificate anyway. To double check I try setting or clearing a value in
the UI and it makes no difference :-(

If anyone has any other ideas (and please double check that they really
reflect the UI settings by changing them) I'd be interested to know the
details.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to