On 9/22/07, Faidon Liambotis <parav...@debian.org> wrote: > Alon Bar-Lev wrote: > > So you need to use CertVerifyCertificateChainPolicy() with > > CERT_CHAIN_POLICY_SSL > I'm no Microsoft developer (adn I don't want to be to be honest) but if > I understand it right, it's better to call CertGetCertificateChain() as > I am doing.
You need to use both, one for create the chain and the other to verify that it meets with system CTL for SSL. Alon.