Changes between and of Initial VersionVersion 1Ticket #6371, comment 12


Ignore:
Timestamp:
07/23/2015 03:03:39 PM (4 years ago)
Author:
Adam Goodman
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #6371, comment 12

    initial v1  
    1313  (Some concrete numbers: on a clean installation of Windows 8.1, running certmgr.msc shows 18 certificates listed in the "Trusted Root Certification Authorities"; by contrast, OS X comes with over 200 trusted roots).
    1414
    15   As far as I understand it, the only 100%-accurate way to validate certificates against Windows' cert store would be to hook the OpenSSL verify callbacks to retrieve the leaf and intermediate certificates provided by the server, then use CryptoAPI functions (e.g. perhaps CertGetCertificateChain?) to have Windows perform the actual chain validation.
     15  As far as I understand it, the only 100%-accurate way to validate certificates against Windows' trust policy would be to hook the OpenSSL verify callbacks to retrieve the leaf and intermediate certificates provided by the server, then use CryptoAPI functions (e.g. perhaps CertGetCertificateChain?) to have Windows perform the actual chain validation.
    1616
    1717  (I filed a bug report about this in Python as https://bugs.python.org/issue20916)