[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: need help with certificate bundles for ALL the platforms Emacs suppo

From: Ted Zlatanov
Subject: Re: need help with certificate bundles for ALL the platforms Emacs supports
Date: Mon, 13 Feb 2012 08:15:33 -0500
User-agent: Gnus/5.130002 (Ma Gnus v0.2) Emacs/24.0.93 (gnu/linux)

On Mon, 13 Feb 2012 10:29:36 +0000 Andy Moreton <address@hidden> wrote: 

>> On Sat, 11 Feb 2012 19:45:25 +0200 Eli Zaretskii <address@hidden> wrote: 
EZ> Thanks.  FWIW, there's also
EZ> HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates
EZ> for the user's certificates.  But what I see there, in both locations,
EZ> are binary blobs, not anything like what Ted showed.
AM> Please do not read these registry keys - you will almost certainly end
AM> up using revoked certificates (e,.g. diginotar), and duplicating the
AM> work of the existing system APIs but with added bugs.

AM> Please read the following articles:

AM> Certificate Status and Revocation Checking - TechNet Articles - Home - 
TechNet Wiki

AM> How Certificate Revocation Works
AM> <http://technet.microsoft.com/en-gb/library/ee619754(WS.10).aspx>

AM> There is lots of information there about how this works for various
AM> Windows versions.

As I said later, the complexity of this task indicates we should use the
certutil.exe binary or something like it.  I am not excited to spend
hours reverse-engineering Microsoft's certificate storage strategy and
it would be a brittle solution in any case since it changes with W32


reply via email to

[Prev in Thread] Current Thread [Next in Thread]