[openssl-dev] Windows system cert store
Dr. Stephen Henson
steve at openssl.org
Wed Jul 12 12:48:14 UTC 2017
On Sun, Jul 09, 2017, Matthew Stickney wrote:
> The Certificate Manager in Windows does allow you to change the trust
> settings for root certs (including the purposes reported by openssl
> x509 -purpose), although those changes don't appear to be reflected in
> the cert dumped from the store (so they must be stored externally).
>
Yes they're external properties. The certificate encoding returned can't be
modified of course because that would break the signature.
I think I did some experiments with CertGetEnhancedKeyUsage() and
CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG before. IIRC this reflected system
settings but not those visible in the MSIE dialogs: that is changing the
setting in MSIE didn't change the values returned by that API.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
More information about the openssl-dev
mailing list