Re: NSM certificate prompt

[Eli Zaretskii]

> From: Michael Albinus <address@hidden>
> Date: Sat, 13 Dec 2014 18:06:37 +0100
> Cc: address@hidden
> 
> In order not to create an infinite chain, there are so-called Root CAs,
> which are "known by default". If any chain ends in such a root
> certificate, you know that the initial certificate is true.
> 
> The problem is to distribute and maintain such root
> certificates. Browsers have them built-in, but I don't believe Emacs
> (eww) shall do so.

GnuTLS on Windows uses the CertEnumCertificatesInStore API to retrieve
all the Root and Certification Authority certificates known to the
system.  I suppose at least IE uses the same API, so I wonder how come
GnuTLS fails to validate the certificates, while IE succeeds.

I guess some debugging is in order.