Re: **maillist:: Outlook S/MIME Vulnerability

From: Torbjörn Hovmark (
Date: 09/04/02

From: Torbjörn Hovmark <>
To: "Thomas Seliger" <>, <>
Date: Wed, 4 Sep 2002 16:18:01 +0200


> Since the failure of checking certificate chain correctly seems to be
> buried deeper in windows (maybe in some DLL? some info from
> microsoft would be greatly appreciated [...]

The CryptoAPI function CertVerifyCertificateChainPolicy() could be an
interesting starting point. However, I get the feeling it is more a matter
of similar errors being made by different people in different development

Best regards,

Torbjörn Hovmark

Abtrusion Security AB