Home Explore Help
Register Sign In
Apq
/
winscp
mirror of https://github.com/winscp/winscp.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: efa8db8eec
Branches Tags
winscp
/
libs
/
openssl
/
doc
/
man7
/
OSSL_STORE-winstore.pod

OSSL_STORE-winstore.pod 2.1 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586 
  1. =pod
    2. 

  2. 

  3. =head1 NAME
    4. 

  4. 

  5. OSSL_STORE-winstore - OpenSSL built in OSSL_STORE for Windows
    6. 

  6. 

  7. =head1 DESCRIPTION
    8. 

  8. 

  9. The OSSL_STORE implementation for Windows provides access to Windows' system
    10. 

  10. C<ROOT> certificate store through URIs, using the URI scheme
    11. 

  11. C<org.openssl.winstore>.
    12. 

  12. 

  13. =head2 Supported URIs
    14. 

  14. 

  15. There is only one supported URI:
    16. 

  16. 

  17.   org.openssl.winstore:
    18. 

  18. 

  19. No authority (host, etc), no path, no query, no fragment.
    20. 

  20. 

  21. =head2 Supported OSSL_STORE_SEARCH operations
    22. 

  22. 

  23. =over 4
    24. 

  24. 

  25. =item L<OSSL_STORE_SEARCH_by_name(3)>
    26. 

  26. 

  27. As a matter of fact, this must be used.  It is not possible to enumerate all
    28. 

  28. available certificates in the store.
    29. 

  29. 

  30. =back
    31. 

  31. 

  32. =head2 Windows certificate store features
    33. 

  33. 

  34. Apart from diverse constraints present in the certificates themselves, the
    35. 

  35. Windows certificate store also has the ability to associate additional
    36. 

  36. constraining properties alongside a certificate in the store. This includes
    37. 

  37. both documented and undocumented capabilities:
    38. 

  38. 

  39. =over 4
    40. 

  40. 

  41. =item *
    42. 

  42. 

  43. The documented capability to override EKU
    44. 

  44. 

  45. =item *
    46. 

  46. 

  47. The undocumented capability to add name constraints
    48. 

  48. 

  49. =item *
    50. 

  50. 

  51. The undocumented capability to override the certificate expiry date
    52. 

  52. 

  53. =back
    54. 

  54. 

  55. I<Such constraints are not checked by this OSSL_STORE implementation, and
    56. 

  56. thereby not honoured>.
    57. 

  57. 

  58. However, once extracted with L<OSSL_STORE_load(3)>, certificates that have
    59. 

  59. constraints in their X.509 extensions will go through the usual constraint
    60. 

  60. checks when used by OpenSSL, and are thereby honoured.
    61. 

  61. 

  62. =head1 SEE ALSO
    63. 

  63. 

  64. L<ossl_store(7)>, L<OSSL_STORE_open_ex(3)>, L<OSSL_STORE_SEARCH(3)>
    65. 

  65. 

  66. =head1 HISTORY
    67. 

  67. 

  68. The winstore (C<org.openssl.winstore>) implementation was added in OpenSSL
    69. 

  69. 3.2.0.
    70. 

  70. 

  71. =head1 NOTES
    72. 

  72. 

  73. OpenSSL uses L<OSSL_DECODER(3)> implementations under the hood.
    74. 

  74. To influence what L<OSSL_DECODER(3)> implementations are used, it's advisable
    75. 

  75. to use L<OSSL_STORE_open_ex(3)> and set the I<propq> argument.
    76. 

  76. 

  77. =head1 COPYRIGHT
    78. 

  78. 

  79. Copyright 2024 The OpenSSL Project Authors. All Rights Reserved.
    80. 

  80. 

  81. Licensed under the Apache License 2.0 (the "License").  You may not use
    82. 

  82. this file except in compliance with the License.  You can obtain a copy
    83. 

  83. in the file LICENSE in the source distribution or at
    84. 

  84. L<https://www.openssl.org/source/license.html>.
    85. 

  85. 

  86. =cut
    87.