Alon Bar-Lev wrote: > So you need to use CertVerifyCertificateChainPolicy() with > CERT_CHAIN_POLICY_SSL I'm no Microsoft developer (adn I don't want to be to be honest) but if I understand it right, it's better to call CertGetCertificateChain() as I am doing.
MSDN for CertVerifyCertificateChainPolicy()[1] says on the remarks: "Use the CertGetCertificateChain function to enable and perform certificate revocation checking. The CertVerifyCertificateChainPolicy function does not check if certificates in the certificate chain are revoked." I could be far off in reading the documentation; my tests however suggest that I got it right. If you disagree, can you explain in more words your objection? :) Thanks, Faidon 1: http://msdn2.microsoft.com/en-us/library/aa377163.aspx