>> One not 100% reliable workaround would be to create a new bundle
>> PEM certificate file from the windows certificate stores when
>> the app starts before the context is initialized (see PemTool demo).
>> However if the CA certificate was not yet in the local Windows
>> store this method won't work :(
> I've done in that a few applications, but I thought there would be a
> better way.
> This is for a small application that is downloaded for each run and I
> added the CA the company uses to keep the exe as small as possible
> Some of our clients go "CA shopping", so you never know the CA to
Another idea was to mimic the MS certificate server. The application
could download a missing certificate from your website.
> You centainly don't want to know their answers whenever this happens,
> especially enterprise clients...
I can imagine the trouble, however OpenSSL was choosen as the SSL
implementation with cross platform support in mind, I still think this
was a good decision.
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be