OSSL_STORE-winstore(7ssl) - Man pages

dwww Home | Manual pages | Find package
OSSL_STORE-WINSTORE(7SSL)           OpenSSL           OSSL_STORE-WINSTORE(7SSL)

NAME
       OSSL_STORE-winstore - OpenSSL built in OSSL_STORE for Windows

DESCRIPTION
       The OSSL_STORE implementation for Windows provides access to Windows'
       system "ROOT" certificate store through URIs, using the URI scheme
       "org.openssl.winstore".

   Supported URIs
       There is only one supported URI:

         org.openssl.winstore:

       No authority (host, etc), no path, no query, no fragment.

   Supported OSSL_STORE_SEARCH operations
       OSSL_STORE_SEARCH_by_name(3)
           As  a  matter  of  fact,  this  must be used.  It is not possible to
           enumerate all available certificates in the store.

   Windows certificate store features
       Apart from diverse constraints present in the  certificates  themselves,
       the  Windows  certificate  store  also  has  the  ability  to  associate
       additional constraining properties alongside a certificate in the store.
       This includes both documented and undocumented capabilities:

       •   The documented capability to override EKU

       •   The undocumented capability to add name constraints

       •   The undocumented capability to override the certificate expiry date

       Such constraints are not checked by this OSSL_STORE implementation,  and
       thereby not honoured.

       However,  once extracted with OSSL_STORE_load(3), certificates that have
       constraints  in  their  X.509  extensions  will  go  through  the  usual
       constraint checks when used by OpenSSL, and are thereby honoured.

SEE ALSO
       ossl_store(7), OSSL_STORE_open_ex(3), OSSL_STORE_SEARCH(3)

HISTORY
       The   winstore  ("org.openssl.winstore")  implementation  was  added  in
       OpenSSL 3.2.0.

NOTES
       OpenSSL  uses  OSSL_DECODER(3)  implementations  under  the  hood.    To
       influence  what OSSL_DECODER(3) implementations are used, it's advisable
       to use OSSL_STORE_open_ex(3) and set the propq argument.

COPYRIGHT
       Copyright 2024 The OpenSSL Project Authors. All Rights Reserved.

       Licensed under the Apache License 2.0 (the "License").  You may not  use
       this  file except in compliance with the License.  You can obtain a copy
       in   the   file   LICENSE   in   the   source   distribution    or    at
       <https://www.openssl.org/source/license.html>.

3.5.4                              2025-09-30         OSSL_STORE-WINSTORE(7SSL)
Generated by dwww version 1.16 on Tue Dec 16 04:20:11 CET 2025.