I've implemented OpenSSL to secure communications between a client and a server. The server can present certificates, and I've checked (using Internet Explorer and Opera) that these certificates make sense.
I now want to get my client to check those certificates, and I would prefer to use Microsoft's CryptoAPI to do this. The reasons for this apparently perverse decision are:

1. The client is a Windows-only program, so I lose nothing by doing this.
2. If I do this, the client will have access to exactly the same stored certificate lists as other Windows programs that the user is familiar with (such as IE).
3. The client will share the behaviour (including, possibly, the bugs) of other Windows programs. Operations such as CRL checking will be as effective, or as ineffective, as they are in other programs. Thus the user will not have to learn anything new.

There remains the question of whether this is possible; and, if so, how. A flounder through the MS documentation suggests that I need to use various combinations of CertCreateCTLContext and CryptMsgGetAndVerifySigner.

Has anyone any experience of doing any of this -- extracting the certificate that was sent by an SSL server to OpenSSL and passing it to CryptoAPI?

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]