On Fri May 30 23:35:59 2025 +0000, Paul Gofman wrote:
If it indeed turns out clumsy either way (not sure that it is actually the case), maybe it would be more interesting to get rid of 'cached' entirely. The need for that IIRC was initially stipulated by how registry storage worked at times, but there were some changes since, and also we might want to change registry storage so it persists the changes immediately and not after release (that's how that works on Windows). Then we maybe don't need 'cached' at all and can work solely with registry storage to do the same.
Probably just calling CertDuplicateStore() for 'cached' when 'cached' is used with the chain engine should do it? Note that CertDuplicateStore() just increases its refcount, it doesn't do an actual copy.