Re: [Openvpn-devel] [PATCH v3] Use CryptoAPI CA store

[Alon Bar-L. <alo...@gm...>]

On 9/22/07, Faidon Liambotis <par...@de...> wrote:
> Alon Bar-Lev wrote:
> > So you need to use CertVerifyCertificateChainPolicy() with CERT_CHAIN_POLICY_SSL
> I'm no Microsoft developer (adn I don't want to be to be honest) but if
> I understand it right, it's better to call CertGetCertificateChain() as
> I am doing.

You need to use both, one for create the chain and the other to verify
that it meets with system CTL for SSL.

Alon.