On Wed, Jul 12, 2017 at 8:48 AM, Dr. Stephen Henson <st...@openssl.org> wrote: > Yes they're external properties. The certificate encoding returned can't be > modified of course because that would break the signature.
That's a good point (I'm a little embarassed to have missed that). > I think I did some experiments with CertGetEnhancedKeyUsage()[...] It looks like another good candidate might be CertGetCertificateContextProperty() with the CERT_CTL_USAGE_PROP_ID flag. At least in principle, that's pulling usage information from the cert context, rather than the cert itself. I'll do some testing after work tonight. -Matt Stickney -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev