Paul wrote:
>> One not 100% reliable workaround would be to create a new bundle
>> PEM certificate file from the Windows certificate stores when
>> the app starts before the context is initialized (see PemTool demo).
>> However if the CA certificate was not yet in the local Windows
>> store this method won't work :(
> I've done that in a few applications, but I thought there would be a
> better way.
> This is for a small application that is downloaded for each run and I
> added the CA the company uses to keep the exe as small as possible.
> Some of our clients go "CA shopping", so you never know the CA to
> check.

Another idea was to mimic the MS certificate server. The application
could download a missing certificate from your website.  
> You certainly don't want to know their answers whenever this happens,
> especially enterprise clients...

I can imagine the trouble; however, OpenSSL was chosen as the SSL
implementation with cross-platform support in mind. I still think this
was a good decision.

Arno Garrels
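
The bundle workaround quoted above, sketched as an added example (not part of the original thread and not the ICS PemTool demo): it uses Python's standard ssl module in place of Delphi, keeps only certificates trusted for TLS server authentication, and drops duplicates found in more than one store. The sample entries and the output file name are constructed assumptions.

```python
import hashlib
import ssl
import sys

SERVER_AUTH_OID = "1.3.6.1.5.5.7.3.1"  # EKU: TLS server authentication

# Constructed sample entries in the (cert_bytes, encoding_type, trust) shape
# that ssl.enum_certificates() returns; the bytes are placeholders, not real CAs.
SAMPLE_ENTRIES = [
    (b"\x30\x03\x02\x01\x01", "x509_asn", True),                   # trusted for everything
    (b"\x30\x03\x02\x01\x01", "x509_asn", True),                   # same cert in a second store
    (b"\x30\x03\x02\x01\x02", "x509_asn", {"1.3.6.1.5.5.7.3.4"}),  # e-mail protection only
    (b"\x30\x03\x02\x01\x03", "x509_asn", {SERVER_AUTH_OID}),
    (b"\x30\x03\x02\x01\x04", "pkcs_7_asn", True),                 # not a plain X.509 blob
]


def build_pem_bundle(entries):
    """Return one PEM string holding each distinct cert usable for server auth."""
    seen, pems = set(), []
    for der, encoding, trust in entries:
        if encoding != "x509_asn":
            continue  # skip PKCS#7 containers; only single DER certificates
        if trust is not True and SERVER_AUTH_OID not in trust:
            continue  # store restricts this cert to other purposes
        digest = hashlib.sha256(der).digest()
        if digest in seen:
            continue  # already exported from another store
        seen.add(digest)
        pems.append(ssl.DER_cert_to_PEM_cert(der))
    return "".join(pems)


def read_windows_stores(store_names=("ROOT", "CA")):
    """Collect entries from the named Windows system stores (empty elsewhere)."""
    if sys.platform != "win32":
        return []
    return [e for name in store_names for e in ssl.enum_certificates(name)]


if __name__ == "__main__":
    entries = read_windows_stores() or SAMPLE_ENTRIES
    bundle = build_pem_bundle(entries)
    # Hypothetical output path; write it before the TLS context is created.
    with open("ca-bundle.pem", "w", encoding="ascii", newline="\n") as fh:
        fh.write(bundle)
    print(bundle.count("BEGIN CERTIFICATE"), "certificates written")
```

As the thread notes, a CA that is not yet in the local Windows store will not appear in the bundle, so verification against it still fails.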