From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: Eli Zaretskii <eliz@gnu.org>
Newsgroups: gmane.emacs.devel
Subject: Re: need help with certificate bundles for ALL the
	platforms	Emacs	supports
Date: Fri, 10 Feb 2012 17:51:45 +0200
Message-ID: <83hayy1yb2.fsf@gnu.org>
References: <4F25FA2F.2010401@gmail.com>
	<F076A8BD691F41DA9BABE716EA24A149@us.oracle.com>
	<4F27F4A1.6030907@gmail.com>
	<6E4BE1E758D04283A7C3A660ED379966@us.oracle.com>
	<87liolnipl.fsf@lifelogs.com>
	<50081AA79F2F4860A3B9DCEDFC1ABEC8@us.oracle.com>
	<877h04nc2e.fsf@lifelogs.com> <83ehucfjc8.fsf@gnu.org>
	<87r4ycjbjz.fsf_-_@lifelogs.com> <83mx8zev8s.fsf@gnu.org>
	<87vcnnj1xm.fsf@lifelogs.com> <87ipjgw0r3.fsf_-_@lifelogs.com>
	<83liobaleu.fsf@gnu.org> <87lioau9bc.fsf@lifelogs.com>
Reply-To: Eli Zaretskii <eliz@gnu.org>
NNTP-Posting-Host: plane.gmane.org
X-Trace: dough.gmane.org 1328889152 9491 80.91.229.3 (10 Feb 2012 15:52:32 GMT)
X-Complaints-To: usenet@dough.gmane.org
NNTP-Posting-Date: Fri, 10 Feb 2012 15:52:32 +0000 (UTC)
To: emacs-devel@gnu.org
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Fri Feb 10 16:52:32 2012
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([140.186.70.17])
	by plane.gmane.org with esmtp (Exim 4.69)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1Rvslz-0003Ar-TC
	for ged-emacs-devel@m.gmane.org; Fri, 10 Feb 2012 16:52:32 +0100
Original-Received: from localhost ([::1]:50971 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1Rvslz-0002W5-4C
	for ged-emacs-devel@m.gmane.org; Fri, 10 Feb 2012 10:52:31 -0500
Original-Received: from eggs.gnu.org ([140.186.70.92]:59280)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <eliz@gnu.org>) id 1Rvslw-0002V5-Ii
	for emacs-devel@gnu.org; Fri, 10 Feb 2012 10:52:29 -0500
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <eliz@gnu.org>) id 1Rvslq-00055V-L8
	for emacs-devel@gnu.org; Fri, 10 Feb 2012 10:52:28 -0500
Original-Received: from mtaout20.012.net.il ([80.179.55.166]:51488)
	by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <eliz@gnu.org>)
	id 1Rvslq-00055M-DY
	for emacs-devel@gnu.org; Fri, 10 Feb 2012 10:52:22 -0500
Original-Received: from conversion-daemon.a-mtaout20.012.net.il by
	a-mtaout20.012.net.il (HyperSendmail v2007.08) id
	<0LZ600E00PBQUT00@a-mtaout20.012.net.il> for
	emacs-devel@gnu.org; Fri, 10 Feb 2012 17:51:46 +0200 (IST)
Original-Received: from HOME-C4E4A596F7 ([77.124.150.51]) by a-mtaout20.012.net.il
	(HyperSendmail v2007.08) with ESMTPA id
	<0LZ600EOAPE96L80@a-mtaout20.012.net.il> for
	emacs-devel@gnu.org; Fri, 10 Feb 2012 17:51:46 +0200 (IST)
In-reply-to: <87lioau9bc.fsf@lifelogs.com>
X-012-Sender: halo1@inter.net.il
X-detected-operating-system: by eggs.gnu.org: Solaris 10 (beta)
X-Received-From: 80.179.55.166
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.devel:148435
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/148435>

> From: Ted Zlatanov <tzz@lifelogs.com>
> Date: Fri, 10 Feb 2012 08:06:31 -0500
> 
> >> W32 doesn't seem to have a system cert bundle and getting it from any
> >> specific browser is unreliable, but any suggestions are welcome.
> 
> EZ> I think you are wrong about that.  Where did you get this information?
> 
> Web searching, e.g. the URL I cited in the post you quoted.  I'd love to
> be wrong!

This URL:

   http://technet.microsoft.com/en-us/library/cc962104.aspx

and also a few others seem to indicate that each Windows user has
his/her certificates in this directory:

  C:\Documents and Settings\<username>\Application Data\Microsoft\SystemCertificates\My\Certificates

I do have such a directory on my XP box, but it is empty.  Meanwhile,
the application that is used on Windows to browse certificates does
show a long list of certificates I allegedly have on this box.

On another XP system I did see files in the above directory, but they
were binary files, unlike the contents you show:

> They consist of hundreds of text blocks like this:
> 
> -----BEGIN CERTIFICATE-----
> MIIDpDCCAoygAwIBAgIBATANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEc
> ...
> MMbHNYaz+ZZfRtsMRf3zUMNvxsNIrUam4SdHCh0Om7bCd39j8uB9Gr784N/Xx6ds
> sPmuujz9dLQR6FgNgLzTqIA6me11zEZ7
> -----END CERTIFICATE-----
> 
> which are simply individual .pem files, concatenated.  In Debian/Ubuntu
> there is a directory structure under /etc/ssl, but Mozilla's bundle, for
> instance, is offered as simply a monolithic download.
> 
> The question is how to obtain one reliably, and all my research leads me
> to believe that W32 doesn't have it.

I know nothing about these issues, so I'm really not the right person
to look into this.  Perhaps someone else could chime in.