[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-wget] Windows cert store support

From: Gisle Vanem
Subject: Re: [Bug-wget] Windows cert store support
Date: Thu, 10 Dec 2015 11:13:06 +0100
User-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0

Random Coder wrote:

> I'm not sure if the wget maintainers would be interested, but I've
> been carrying this patch around in my private builds of wget for a
> while.  It allows wget to load SSL certs from the default Windows cert
> store.

I've applied your patch. It seems to work fine. Nice!

But in a message like:
  X509 certificate successfully verified and matches host

it would be nice to know if it succeeded because of WinCrypt or

> +      /* Loop through all the certs in the Windows cert store */
> +      for ( pCertCtx = Local_CertEnumCertificatesInStore(hStore, NULL);
> +          pCertCtx != NULL;
> +          pCertCtx = Local_CertEnumCertificatesInStore(hStore, pCertCtx) )
> +      {
> +        if (!((pCertCtx->dwCertEncodingType & PKCS_7_ASN_ENCODING) == 
> +        {
> +          /* Add all certs we find to OpenSSL's store */

How does this prevent an expired Cert to be used?
I see in the 'CERT_INFO' structure a 'NotAfter' member. But this
struct seems to support for WINAPI_PARTITION_APP only :-(
I assume this could be used to check expired certificates.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]