On Thu, Jul 13, 2017, Matthew Stickney wrote: > > You may have been looking at a different version of IE than what I've > got on my Windows 7 VM, but at least here IE doesn't allow you to set > certificate purposes: it has a dialog that looks just like that (under > the "Advanced" button in the certificate list), but that's only used > to select the set of usages you want to display if you choose > "<Advanced Purposes>" in the "Intended Purpose" dropdown at the top > (it's effectively just a customizable display filter). >
It's been a while since I looked at it yes. IIRC before when you selected a root (or other) certificate under the Details tab you could select "Edit Properties..." now the box is greyed out unless you run as administrator or select a user added certificate. > I've been reading through OpenSSL's verification code a bit, and from > what I'm seeing it looks like purposes could be set for an existing > certificate by setting the appropriate bits in the ex_kusage or > ex_xkusage fields, at least for standard usages. Is that right? > No those are just caches of the contents of the key usage and extended key usage extensions. The function you need to call is X509_add1_trust_object() for each trust setting. You could also call X509_alias_set1 to set the friendly name of the certificate. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
