emacs-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: need help with certificate bundles for ALL the platforms Emacs suppo

From: Andy Moreton
Subject: Re: need help with certificate bundles for ALL the platforms Emacs supports
Date: Mon, 13 Feb 2012 10:29:36 +0000
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.0.92 (windows-nt) 
On Sun 12 Feb 2012, Ted Zlatanov wrote:

> On Sat, 11 Feb 2012 19:45:25 +0200 Eli Zaretskii <address@hidden> wrote: 
>
>>> From: Andy Moreton <address@hidden>
>>> Date: Sat, 11 Feb 2012 17:22:40 +0000
>>> 
>>> It appears that Windows stores the certificates in the registry - see
>>> "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates".
>
> EZ> Thanks.  FWIW, there's also
>
> EZ>    HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates
>
> EZ> for the user's certificates.  But what I see there, in both locations,
> EZ> are binary blobs, not anything like what Ted showed.
>
> There are many certificate formats GnuTLS can speak; the .pem files I
> showed are most common where legibility matters.  Can Emacs extract
> everything under this registry path automatically?  I didn't see a way
> in the C code.  If I can slurp them into a file, I may be able to use
> that.

Please do not read these registry keys - you will almost certainly end
up using revoked certificates (e,.g. diginotar), and duplicating the
work of the existing system APIs but with added bugs.

Please read the following articles:

Certificate Status and Revocation Checking - TechNet Articles - Home - TechNet 
Wiki
<http://social.technet.microsoft.com/wiki/contents/articles/4954.certificate-status-and-revocation-checking.aspx>

How Certificate Revocation Works
<http://technet.microsoft.com/en-gb/library/ee619754(WS.10).aspx>

There is lots of information there about how this works for various
Windows versions.

    AndyM
reply via email to
[Prev in Thread] Current Thread [Next in Thread]