[openssl-dev] Windows system cert store
Matthew Stickney
mtstickney at gmail.com
Wed Jul 12 15:26:24 UTC 2017
On Wed, Jul 12, 2017 at 8:48 AM, Dr. Stephen Henson <steve at openssl.org> wrote:
> Yes they're external properties. The certificate encoding returned can't be
> modified of course because that would break the signature.
That's a good point (I'm a little embarassed to have missed that).
> I think I did some experiments with CertGetEnhancedKeyUsage()[...]
It looks like another good candidate might be
CertGetCertificateContextProperty() with the CERT_CTL_USAGE_PROP_ID
flag. At least in principle, that's pulling usage information from the
cert context, rather than the cert itself. I'll do some testing after
work tonight.
-Matt Stickney
More information about the openssl-dev
mailing list