Another idea was to mimic the MS certificate server. The application
could download a missing certificate from your website.


Is not save when you don't where you are downloading it from (I have no control of what our clients are doing)

I can imagine the trouble, however OpenSSL was choosen as the SSL
implementation with cross platform support in mind, I still think this
was a good decision.

It still is.

Maybe I will add the most common CA's .
Enterprise clients usually use GlobalSign, VeriSign, ..

Is it better to add them seperately and use RpSslContext.SslCAPath
or combine them as CRLF separated certs in a single file using RpSslContext.SslCAFile ?

If I import the certificates, the exe will grow with ~ 130kB and that's unacceptable for 1 application

Paul
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be

Reply via email to