steffengy/schannel-rs

Strategy for self-signed certificates?

lilith opened this issue · 2 comments

Is it in scope to support custom CA certificates on a per-connection basis?

I understand that this will require a manual verification process per https://msdn.microsoft.com/en-us/library/windows/desktop/aa378740(v=vs.85).aspx

It's possible that there is an example of this in the Platform SDK.

Yep, this is definitely something I want to support. We should be able to mirror what oscrypto does - in the SChannel APIs the certificate chain construction and verification steps are separate so you construct the chain, and if the root matches one of your extra certs, we pass a flag to the verification step to skip the root trust check portion of the logic.

This is now supported!
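The decision described in the reply above, as an added example that is not schannel-rs code and makes no Win32 calls: a platform-independent model in which the verification step skips the root trust check only when the built chain's root is byte-identical to one of the caller's extra certificates. `BuiltChain`, `policy_flags`, `verify` and `sample_chain` are hypothetical names, and it is an assumption that the flag meant is `CERT_CHAIN_POLICY_ALLOW_UNKNOWN_CA_FLAG`.

```rust
// Values from wincrypt.h.
const CERT_TRUST_IS_NOT_TIME_VALID: u32 = 0x01; // chain error status bit
const CERT_TRUST_IS_UNTRUSTED_ROOT: u32 = 0x20; // chain error status bit
const CERT_CHAIN_POLICY_ALLOW_UNKNOWN_CA_FLAG: u32 = 0x10; // policy-check flag (assumed)

/// Hypothetical stand-in for the output of the chain construction step.
struct BuiltChain {
    certs_der: Vec<Vec<u8>>, // DER encodings, leaf first, root last
    error_status: u32,       // CERT_TRUST_* bits found while building
}

/// Flags for the verification step: relax the root trust check only when the
/// chain's root is byte-identical to one of the caller's extra certificates.
fn policy_flags(chain: &BuiltChain, extra_roots: &[Vec<u8>]) -> u32 {
    match chain.certs_der.last() {
        Some(root) if extra_roots.contains(root) => CERT_CHAIN_POLICY_ALLOW_UNKNOWN_CA_FLAG,
        _ => 0,
    }
}

/// Model of the verification step: returns the error bits that still apply.
fn verify(chain: &BuiltChain, extra_roots: &[Vec<u8>]) -> Result<(), u32> {
    let mut remaining = chain.error_status;
    if policy_flags(chain, extra_roots) & CERT_CHAIN_POLICY_ALLOW_UNKNOWN_CA_FLAG != 0 {
        remaining &= !CERT_TRUST_IS_UNTRUSTED_ROOT; // only this one check is skipped
    }
    if remaining == 0 { Ok(()) } else { Err(remaining) }
}

/// Constructed sample: placeholder bytes stand in for real DER certificates.
fn sample_chain(error_status: u32) -> BuiltChain {
    BuiltChain { certs_der: vec![b"leaf".to_vec(), b"private-root".to_vec()], error_status }
}

fn main() {
    let pinned = vec![b"private-root".to_vec()];
    let other = vec![b"some-other-root".to_vec()];
    let untrusted = sample_chain(CERT_TRUST_IS_UNTRUSTED_ROOT);
    let expired = sample_chain(CERT_TRUST_IS_UNTRUSTED_ROOT | CERT_TRUST_IS_NOT_TIME_VALID);
    println!("pinned root:          {:?}", verify(&untrusted, &pinned));
    println!("no extra certs:       {:?}", verify(&untrusted, &[]));
    println!("different extra cert: {:?}", verify(&untrusted, &other));
    println!("pinned but expired:   {:?}", verify(&expired, &pinned));
}
```

Because the flag is derived per chain rather than set for the whole connection, a chain ending in any other unknown root still fails, and errors such as expiry are reported even when the root is pinned.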