xref: /openssl/doc/man7/OSSL_STORE-winstore.pod (revision faa4a10e) 
1=pod
2
3=head1 NAME
4
5OSSL_STORE-winstore - OpenSSL built in OSSL_STORE for Windows
6
7=head1 DESCRIPTION
8
9The OSSL_STORE implementation for Windows provides access to Windows' system
10C<ROOT> certificate store through URIs, using the URI scheme
11C<org.openssl.winstore>.
12
13=head2 Supported URIs
14
15There is only one supported URI:
16
17  org.openssl.winstore:
18
19No authority (host, etc), no path, no query, no fragment.
20
21=head2 Supported OSSL_STORE_SEARCH operations
22
23=over 4
24
25=item L<OSSL_STORE_SEARCH_by_name(3)>
26
27As a matter of fact, this must be used.  It is not possible to enumerate all
28available certificates in the store.
29
30=back
31
32=head2 Windows certificate store features
33
34Apart from diverse constraints present in the certificates themselves, the
35Windows certificate store also has the ability to associate additional
36constraining properties alongside a certificate in the store. This includes
37both documented and undocumented capabilities:
38
39=over 4
40
41=item *
42
43The documented capability to override EKU
44
45=item *
46
47The undocumented capability to add name constraints
48
49=item *
50
51The undocumented capability to override the certificate expiry date
52
53=back
54
55I<Such constraints are not checked by this OSSL_STORE implementation, and
56thereby not honoured>.
57
58However, once extracted with L<OSSL_STORE_load(3)>, certificates that have
59constraints in their X.509 extensions will go through the usual constraint
60checks when used by OpenSSL, and are thereby honoured.
61
62=head1 SEE ALSO
63
64L<ossl_store(7)>, L<OSSL_STORE_open_ex(3)>, L<OSSL_STORE_SEARCH(3)>
65
66=head1 HISTORY
67
68The winstore (C<org.openssl.winstore>) implementation was added in OpenSSL
693.2.0.
70
71=head1 NOTES
72
73OpenSSL uses L<OSSL_DECODER(3)> implementations under the hood.
74To influence what L<OSSL_DECODER(3)> implementations are used, it's advisable
75to use L<OSSL_STORE_open_ex(3)> and set the I<propq> argument.
76
77=head1 COPYRIGHT
78
79Copyright 2024 The OpenSSL Project Authors. All Rights Reserved.
80
81Licensed under the Apache License 2.0 (the "License").  You may not use
82this file except in compliance with the License.  You can obtain a copy
83in the file LICENSE in the source distribution or at
84L<https://www.openssl.org/source/license.html>.
85
86=cut
87