Paul wrote: >> One not 100% reliable workaround would be to create a new bundle >> PEM certificate file from the windows certificate stores when >> the app starts before the context is initialized (see PemTool demo). >> However if the CA certificate was not yet in the local Windows >> store this method won't work :( > > I've done in that a few applications, but I thought there would be a > better way. > This is for a small application that is downloaded for each run and I > added the CA the company uses to keep the exe as small as possible > Some of our clients go "CA shopping", so you never know the CA to > check.
Another idea was to mimic the MS certificate server. The application could download a missing certificate from your website. > > You centainly don't want to know their answers whenever this happens, > especially enterprise clients... I can imagine the trouble, however OpenSSL was choosen as the SSL implementation with cross platform support in mind, I still think this was a good decision. -- Arno Garrels -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
