[rs-dev] Draft RFC: Certificate Enrollment API (Microsoft CertEnroll)

Graham Leggett minfrin at sharp.fm
Sat Mar 7 00:54:57 CET 2020


On 06 Mar 2020, at 03:01, Graham Leggett via rs-dev <rs-dev at redwax.eu> wrote:

> Next up is certenroll, the repo is set up and ready to go:
> 
> https://source.redwax.eu/projects/STD/repos/certenroll/browse
> https://source.redwax.eu/svn/redwax/std/certenroll/trunk

To write an RFC to cover Microsoft Certenroll, how much would we need to cover in the RFC?

The certenroll C/C++ API itself is extensively documented here: https://docs.microsoft.com/en-us/windows/win32/seccertenroll/certenroll-portal

The piece that’s missing in their docs is how Microsoft gets this C/C++ API and exposes it inside the web browser. Most specifically:

- They declare an <object> tag with classid 884e2049-217d-11da-b2a4-000e7bbb2b09 - this is undocumented anywhere sensible.
- This object has a method called CreateObject, documented here: https://docs.microsoft.com/en-us/windows/win32/api/certenroll/nf-certenroll-ix509enrollmentwebclassfactory-createobject
- Each C/C++ object that can be created by CreateObject is also a JavaScript object that can be created by CreateObject. This is undocumented anywhere sensible.

So the problem is the code is mostly documented; the part that’s missing is telling people it’s exposed as JavaScript, and available as an object.

We don’t want to boil the ocean and produce a 1000 page RFC containing the whole Microsoft API. How much do you recommend should be covered?

Regards,
Graham
—
