I want to get the parent certificate (or all certificates in the chain, for that matter) from the Windows Certificate Store (assuming I know the location of the end certificate). I need to get each one in order to build my own custom `X509_STORE` (using OpenSSL).
I think the proper course of action would be:

1. obtain first certificate using `CertFindCertificateInStore` (done)
2. get the certificate chain using `CertGetCertificateChain` (done)
3. extract the certificates from chain (?)
4. for each certificate in chain, convert it using `d2i_X509` (done)

or

1. obtain first certificate using `CertFindCertificateInStore` (done)
2. get the parent certificate (if exists) (?)
3. convert it using `d2i_X509`, go to 2. (done)

Then create the store.
The question to answer is then - how to get the parent certificate or all certificates in chain using Windows Certificate Store? I'm probably missing some more or less occult function here.
As the `CertFindCertificateInStore` outputs a chain context, one can access its members using the beautiful construction: `chainContext->rgpChain[0]->rgpElement[iCertIndex]->pCertContext->pbCertEncoded` where `iCertIndex` is between `0` (end-certificate) and `chainSize - 1` (self-signed root certificate).
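The traversal described above, written out with bounds and NULL checks, as an added example that is not part of the original question or answer. It assumes the chain context came from `CertGetCertificateChain`; `der_blob` and `chain_to_der` are hypothetical names, and the non-Windows branch declares stand-in types only so the walk can be compiled and exercised off Windows.

```c
#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>
#else
/* Assumption: stand-in types so the traversal builds off Windows. Only the
   members used below are declared, with the names wincrypt.h gives them. */
typedef unsigned long DWORD;
typedef unsigned char BYTE;
typedef struct { BYTE *pbCertEncoded; DWORD cbCertEncoded; } CERT_CONTEXT;
typedef struct { const CERT_CONTEXT *pCertContext; } CERT_CHAIN_ELEMENT;
typedef struct { DWORD cElement; CERT_CHAIN_ELEMENT **rgpElement; } CERT_SIMPLE_CHAIN;
typedef struct { DWORD cChain; CERT_SIMPLE_CHAIN **rgpChain; } CERT_CHAIN_CONTEXT;
#endif

/* One DER-encoded certificate borrowed from the chain context (hypothetical type). */
typedef struct { const BYTE *der; DWORD len; } der_blob;

/* Copies pointer/length pairs for rgpChain[0] into out[], end certificate first.
   Returns the count, or -1 if the context is empty or malformed, or out[] is
   too small. The blobs stay valid only until CertFreeCertificateChain(). */
int chain_to_der(const CERT_CHAIN_CONTEXT *cc, der_blob *out, DWORD max)
{
    if (!cc || !out || cc->cChain == 0 || !cc->rgpChain || !cc->rgpChain[0])
        return -1;
    const CERT_SIMPLE_CHAIN *sc = cc->rgpChain[0];
    if (sc->cElement == 0 || sc->cElement > max || !sc->rgpElement)
        return -1;
    for (DWORD i = 0; i < sc->cElement; i++) {
        const CERT_CHAIN_ELEMENT *el = sc->rgpElement[i];
        if (!el || !el->pCertContext || !el->pCertContext->pbCertEncoded
                || el->pCertContext->cbCertEncoded == 0)
            return -1;
        out[i].der = el->pCertContext->pbCertEncoded;  /* DER bytes */
        out[i].len = el->pCertContext->cbCertEncoded;  /* DER length */
    }
    return (int)sc->cElement;
}

/* OpenSSL side, per blob. d2i_X509 advances the pointer it is given, so pass
   a copy rather than blob.der itself:
     const unsigned char *p = blob.der;
     X509 *x = d2i_X509(NULL, &p, (long)blob.len);
     if (x) { X509_STORE_add_cert(store, x); X509_free(x); }
   X509_STORE_add_cert takes its own reference, hence the X509_free. */
```

Always pass `cbCertEncoded` as the length to `d2i_X509`; the encoded buffer is not NUL-terminated and its size cannot be inferred from the pointer.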