Paul wrote:
>> One not 100% reliable workaround would be to create a new bundle
>> PEM certificate file from the windows certificate stores when
>> the app starts before the context is initialized (see PemTool demo).
>> However if the CA certificate was not yet in the local Windows
>> store this method won't work :(
> 
> I've done that in a few applications, but I thought there would be a
> better way.
> This is for a small application that is downloaded for each run and I
> added the CA the company uses to keep the exe as small as possible.
> Some of our clients go "CA shopping", so you never know the CA to
> check.

Another idea was to mimic the MS certificate server. The application
could download a missing certificate from your website.  
 
> 
> You certainly don't want to know their answers whenever this happens,
> especially enterprise clients...

I can imagine the trouble; however, OpenSSL was chosen as the SSL
implementation with cross-platform support in mind, and I still think this
was a good decision.

--
Arno Garrels
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be
