Re: [Openvpn-devel] [PATCH v3] Use CryptoAPI CA store

2007-09-22 Thread Alon Bar-Lev
On 9/22/07, Faidon Liambotis wrote:
> Alon Bar-Lev wrote:
> > So you need to use CertVerifyCertificateChainPolicy() with
> > CERT_CHAIN_POLICY_SSL
> I'm no Microsoft developer (and I don't want to be, to be honest) but if
> I understand it right, it's better to call CertGetCertificateChain() as
>

Re: [Openvpn-devel] [PATCH v3] Use CryptoAPI CA store

2007-09-22 Thread Faidon Liambotis
Alon Bar-Lev wrote:
> So you need to use CertVerifyCertificateChainPolicy() with
> CERT_CHAIN_POLICY_SSL
I'm no Microsoft developer (and I don't want to be, to be honest) but if I understand it right, it's better to call CertGetCertificateChain() as I am doing. MSDN for CertVerifyCertificateChainP

Re: [Openvpn-devel] [PATCH v3] Use CryptoAPI CA store

2007-09-22 Thread Alon Bar-Lev
On 9/22/07, Faidon Liambotis wrote:
> It seems that it is much better to ask Windows to check whether the
> presented certificate is trusted or not than try to build the trust path
> yourself and import it to OpenSSL.
OK... So you need to use CertVerifyCertificateChainPolicy() with CERT_CHAIN_POLICY

Re: [Openvpn-devel] [PATCH v3] Use CryptoAPI CA store

2007-09-22 Thread Faidon Liambotis
Alon Bar-Lev wrote:
> Why not use SSL_CTX_add_client_CA and add all CAPI root store into
> OpenSSL context?
My initial approach (v1) was that (albeit not with SSL_CTX_add_client_CA but with X509_STORE_add_cert). This was flawed, for the reasons I mentioned in v2 changelog (which btw, you have seen

Re: [Openvpn-devel] [PATCH v3] Use CryptoAPI CA store

2007-09-22 Thread Alon Bar-Lev
On 9/22/07, Faidon Liambotis wrote:
> Hello,
> Below you will find a revised version of a patch that I sent almost 9
> months before.
>
> It allows OpenVPN to verify certificates against the Windows Certificate Store.
>
> Changed since v2:
> * Replace the global variable by a TLS options variable