From: Andy Moreton
Newsgroups: gmane.emacs.devel
Subject: Re: need help with certificate bundles for ALL the platforms Emacs supports
Date: Sat, 11 Feb 2012 17:22:40 +0000
Message-ID: <828vk9b7z3.fsf@gmail.com>
To: emacs-devel@gnu.org

On Fri 10 Feb 2012, Ted Zlatanov wrote:

> On Fri, 10 Feb 2012 17:51:45 +0200 Eli Zaretskii wrote:
>
>>> From: Ted Zlatanov
>>> The question is how to obtain one reliably, and all my research leads me
>>> to believe that W32 doesn't have it.
>
> EZ> This URL:
>
> EZ> http://technet.microsoft.com/en-us/library/cc962104.aspx
>
> EZ> and also a few others seem to indicate that each Windows user has
> EZ> his/her certificates in this directory:
>
> EZ> C:\Documents and Settings\\Application Data\Microsoft\SystemCertificates\My\Certificates
>
> EZ> I do have such a directory on my XP box, but it is empty. Meanwhile,
> EZ> the application that is used on Windows to browse certificates does
> EZ> show a long list of certificates I allegedly have on this box.
>
> EZ> On another XP system I did see files in the above directory, but they
> EZ> were binary files, unlike the contents you show:
>
> That's unfortunate. I'll assume for now that on W32 we have to supply
> our own certificate bundle through the GNU ELPA package, until someone
> comes up with a better solution. I think that's acceptable since we're
> simply mimicking Mozilla's CA choices, and we can make incremental
> improvements to gnutls.el as we find out more about each platform.
>
> Thanks!
> Ted

It appears that Windows stores the certificates in the registry - see
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates".

I expect that additional locations are used under the control of group
policy for domain machines etc, and that this data should only be used
via the appropriate APIs.

Cygwin also has a cert bundle in the ca-certificates package - see
http://cygwin.com/packages/ca-certificates/

    AndyM
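
Added example, not part of the original message and not Emacs code: one way to build a PEM bundle from the Windows system store through the store API instead of reading the registry or the per-user directory, using Python's Windows-only `ssl.enum_certificates`. The helper names and the sample entries are this example's own; the sample bytes are constructed placeholders, not real certificates.

```python
import ssl
import sys

SERVER_AUTH_OID = "1.3.6.1.5.5.7.3.1"  # id-kp-serverAuth (TLS server certificates)


def select_trust_anchors(entries):
    """Filter (der, encoding, trust) tuples shaped like ssl.enum_certificates() output.

    Keeps X.509 entries trusted for TLS server authentication, without duplicates.
    """
    seen, anchors = set(), []
    for der, encoding, trust in entries:
        if encoding != "x509_asn":      # skip PKCS#7 containers
            continue
        # trust is True (all purposes) or a set of permitted usage OIDs
        if trust is not True and SERVER_AUTH_OID not in trust:
            continue
        if der not in seen:             # one cert can appear in several store locations
            seen.add(der)
            anchors.append(der)
    return anchors


def build_pem_bundle(entries):
    """Return the selected certificates as one PEM text bundle."""
    return "".join(ssl.DER_cert_to_PEM_cert(der) for der in select_trust_anchors(entries))


def windows_root_entries(store="ROOT"):
    """Read a system store through the Windows API (only works on Windows)."""
    if sys.platform != "win32":
        raise OSError("ssl.enum_certificates is only available on Windows")
    return ssl.enum_certificates(store)


# Constructed sample entries (placeholder bytes) so the filter runs on any platform.
SAMPLE_ENTRIES = [
    (b"constructed-root-A", "x509_asn", True),
    (b"constructed-root-A", "x509_asn", True),                    # duplicate
    (b"constructed-pkcs7", "pkcs_7_asn", True),                   # wrong encoding
    (b"constructed-email-only", "x509_asn", {"1.3.6.1.5.5.7.3.4"}),
    (b"constructed-root-B", "x509_asn", {SERVER_AUTH_OID, "1.3.6.1.5.5.7.3.2"}),
]

if __name__ == "__main__":
    entries = windows_root_entries() if sys.platform == "win32" else SAMPLE_ENTRIES
    sys.stdout.write(build_pem_bundle(entries))
```
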