Re: need help with certificate bundles for ALL the platforms Emacs supports

[Andy Moreton]

On Fri 10 Feb 2012, Ted Zlatanov wrote:

> On Fri, 10 Feb 2012 17:51:45 +0200 Eli Zaretskii <address@hidden> wrote: 
>
>>> From: Ted Zlatanov <address@hidden>
>>> The question is how to obtain one reliably, and all my research leads me
>>> to believe that W32 doesn't have it.
>
> EZ> This URL:
>
> EZ>    http://technet.microsoft.com/en-us/library/cc962104.aspx
>
> EZ> and also a few others seem to indicate that each Windows user has
> EZ> his/her certificates in this directory:
>
> EZ>   C:\Documents and Settings\<username>\Application 
> Data\Microsoft\SystemCertificates\My\Certificates
>
> EZ> I do have such a directory on my XP box, but it is empty.  Meanwhile,
> EZ> the application that is used on Windows to browse certificates does
> EZ> show a long list of certificates I allegedly have on this box.
>
> EZ> On another XP system I did see files in the above directory, but they
> EZ> were binary files, unlike the contents you show:
>
> That's unfortunate.  I'll assume for now that on W32 we have to supply
> our own certificate bundle through the GNU ELPA package, until someone
> comes up with a better solution.  I think that's acceptable since we're
> simply mimicking Mozilla's CA choices, and we can make incremental
> improvements to gnutls.el as we find out more about each platform.
>
> Thanks!
> Ted

It appears that Windows stores the certificates in the registry - see
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates".

I expect that additonal locations are used under the control of group
policy for domain machines etc, and that this data should only be used
via the appropriate APIs.

Cygwin also has a cert bundle in the ca-certificates package - see 
http://cygwin.com/packages/ca-certificates/

    AndyM