Paul wrote:
> You get a message to trust the certificate.

Only if the certificate cannot be verified. That happens when the certificate's signing certificate isn't in the trusted store or otherwise the chain of trust cannot be built without gaps.

> IE doesn't show anything unless the cert is not valid

Windows downloads missing CA certificates from a MS certificate server if that option is not disabled. There's nothing like that with OpenSSL.

> I want the program to continue without any message except when the
> certificate is not valid.

A certificate must be considered invalid if a chain of trust cannot be built.

> So I should be able to check with any CA (known or unknown).

One not 100% reliable workaround would be to create a new bundle PEM certificate file from the Windows certificate stores when the app starts before the context is initialized (see PemTool demo). However if the CA certificate was not yet in the local Windows store this method won't work :(

--
Arno Garrels

> Paul
>
> ----- Original Message -----
> From: "Arno Garrels" <arno.garr...@gmx.de>
> To: "ICS support mailing" <twsocket@elists.org>
> Sent: Monday, September 07, 2009 4:33 PM
> Subject: Re: [twsocket] Check SSL certificate
>
>> Paul wrote:
>>> I've always checked ssl-certificates with a known CA in my
>>> applications. I want users to automatically check certificates
>>> within their own implementation.
>>> Some of them use different CA's for their servers and webservices.
>>> How can I check these different certificates without any
>>> notification popup (except on invalid certs) ?
>>
>> Sorry I don't understand the problem.
>> There's either a so called bundle certificate file or a directory
>> containing certificates or both, as shown, for instance, in the Https
>> demo.
>>
>> --
>> Arno
>> --
>> To unsubscribe or change your settings for TWSocket mailing list
>> please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
>> Visit our website at http://www.overbyte.be
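The rule stated in the reply above (a certificate is invalid when no chain of trust can be built from the bundle file), shown with the OpenSSL command line as an added example that is not part of the thread or of ICS. The two CAs, the server certificate and every file name are constructed for the demonstration.

```shell
#!/bin/sh
# Constructed demo: two throwaway CAs and one server certificate, all made
# up for this example. ca_a issues the server certificate, ca_b is unrelated.

# Build the test PKI inside directory $1.
make_pki() {
    dir=$1
    for ca in ca_a ca_b; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
            -subj "/CN=Example $ca" \
            -keyout "$dir/$ca.key" -out "$dir/$ca.pem" 2>/dev/null || return 1
    done
    openssl req -newkey rsa:2048 -nodes -subj "/CN=server.example.test" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$dir/server.csr" -days 2 -set_serial 1 \
        -CA "$dir/ca_a.pem" -CAkey "$dir/ca_a.key" \
        -out "$dir/server.pem" 2>/dev/null || return 1
}

# Verify certificate $2 against the PEM bundle file $1 and print "valid" or
# "invalid". The result is "valid" only if a complete chain up to a CA in
# the trust store could be built. OpenSSL may also consult its default CA
# directory; the constructed CAs are not in it, so the bundle decides here.
check_cert() {
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo valid
    else
        echo invalid
    fi
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_pki "$tmp" || return 1
    # A bundle is just concatenated PEM certificates, one per trusted CA.
    cat "$tmp/ca_a.pem" "$tmp/ca_b.pem" > "$tmp/bundle.pem"
    echo "bundle contains issuing CA: $(check_cert "$tmp/bundle.pem" "$tmp/server.pem")"
    echo "bundle lacks issuing CA:    $(check_cert "$tmp/ca_b.pem" "$tmp/server.pem")"
    rm -rf "$tmp"
}

demo
```

Adding another customer's CA to the bundle is a matter of appending its PEM certificate to the file; no prompt is needed for certificates that chain to it, and anything else fails verification.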