Oh man. So what do people do for Windows? Is there an example out there to follow? Or does everyone just write their own stuff using the MS CryptoAPI's?
> -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Jim Adams > Sent: Friday, March 04, 2005 12:46 PM > To: openssl-users@openssl.org > Subject: RE: Does anybody know where certs are installed on Windows? > > > SSL_CTX_load_verify_locations() is called to tell Openssl > where your application has stored your .0 root cert files. > Windows does not keep its root certs in a directory, or in .0 > format. So Openssl cannot verify directly against Windows' > certs. You can retrieve Windows' certs using the Crypto API > (functions beginning with "Cert", such as CertOpenSystemStore(). > You can convert them to a form that Openssl can use, but it > takes a little work. > So, you could retrieve all of the Windows certs from their > trusted root store and write them out to .0 files in the > directory you supplied to Openssl via > SSL_CTX_load_verify_locations(). But this is anything but automatic. > CryptoAPI and Openssl can share info via compatible > structures, but that is about as far as it goes. The rest is > up to you. > > Jim > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Edward Chan > Sent: Friday, March 04, 2005 2:58 PM > To: openssl-users@openssl.org > Subject: RE: Does anybody know where certs are installed on Windows? > > I understand the usage of the API. What I mean is, how do > you know what directory or file to specify, if this is not > easily known? Dr. Henson said that the certs are stored in > the Windows registry but that the location is retrievable > using certain Cert* Win32 API's. Just wondering if anybody > knew off hand what API's I should use since this must be a > common thing that people do for Windows to use > SSL_CTX_load_verify_locations() , right? > > Ed > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Darya > > Mazandarany > > Sent: Friday, March 04, 2005 11:38 AM > > To: openssl-users@openssl.org > > Subject: RE: Does anybody know where certs are installed on Windows? > > > > You would call SSL_CTX_load_verify_locations(SSL_CTX*, <path to cert > > file>, <path to directory containing public keys>) with > either the 2nd > > or 3rd param optionally NULL, but not both. > > > > The file would contain one or more CA public keys and the > directory is > > ca public keys with the name of the file being a hash of > the ca name > > with a .0 extension. > > > > Darya > > > > -----Original Message----- > > From: Edward Chan [mailto:[EMAIL PROTECTED] > > Sent: Friday, March 04, 2005 11:23 AM > > To: openssl-users@openssl.org > > Subject: RE: Does anybody know where certs are installed on Windows? > > > > Does anybody know off hand what the API is to call to find the > > location? > > How are people calling SSL_CTX_load_verify_locations() on Windows? > > > > Thanks, > > Ed > > > > > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED] On Behalf Of Dr. > > > Stephen Henson > > > Sent: Thursday, March 03, 2005 1:09 PM > > > To: openssl-users@openssl.org > > > Subject: Re: Does anybody know where certs are installed > on Windows? > > > > > > On Thu, Mar 03, 2005, Edward Chan wrote: > > > > > > > Is there a Win32 API or something that can tell me where > > certs get > > > > installed on Windows? > > > > > > > > > > They are installed in the registry. The precise location isn't > > > officially documented. It is possible to search and access > > them using > > > CryptoAPI. The relevant functions all being with "Cert". > > > > > > Steve. > > > -- > > > Dr Stephen N. Henson. Email, S/MIME and PGP keys: see > > homepage OpenSSL > > > project core developer and freelance consultant. > > > Funding needed! Details on homepage. > > > Homepage: http://www.drh-consultancy.demon.co.uk > > > > > > ______________________________________________________________________ > > > OpenSSL Project > > http://www.openssl.org > > > User Support Mailing List > > openssl-users@openssl.org > > > Automated List Manager > > [EMAIL PROTECTED] > > > > > > ______________________________________________________________________ > > OpenSSL Project > http://www.openssl.org > > User Support Mailing List > openssl-users@openssl.org > > Automated List Manager > [EMAIL PROTECTED] > > > > > ______________________________________________________________________ > > OpenSSL Project > http://www.openssl.org > > User Support Mailing List > openssl-users@openssl.org > > Automated List Manager > [EMAIL PROTECTED] > > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager [EMAIL PROTECTED] > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
