RE: Private Key from Windows Cert Store

Fri, 03 Dec 2010 09:10:43 -0800 

I rebuild OpenSSL and didn't get a capi.dll. I'm using 0.9.8k. Is there
something I'm missing in the build process that I need to change to get
the engines to compiled in. From what I've read it looks like it builds
these engines into the openssl dlls.

The following returns still NULL for me.

                        ENGINE_load_builtin_engines();
                        ENGINE *e = ENGINE_by_id("capi");

-----Original Message-----
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson
Sent: Tuesday, November 30, 2010 11:49 AM
To: openssl-users@openssl.org
Subject: Re: Private Key from Windows Cert Store

On Tue, Nov 30, 2010, Fili, Tom wrote:

> Thanks, but I was more looking for docs on the interop of OpenSSL and
> the Crypto API. I got pretty most info from the capi that I needed
> except the private key, which from what I've read may not always be
> exportable anyway. I was looking for how to call the following
functions
> with a location in the store, instead of a file.
> 
> SSL_CTX_load_verify_locations
> SSL_CTX_use_PrivateKey_file
> SSL_CTX_use_certificate_chain_file
> 
> or replacement functions that need to be called instead.
> 
> Also, I'm having issues compiling with capi engine support. The engine
> doesn't appear to load as I get NULL from ENGINE_by_id("capi");
> 

When you build OpenSSL it should produce a capi.dll file which needs to
be
installed in an appopriate place: where depends on how you've configured
OpenSSL.

Do you want to use the private key for client authentication? If so
there is
an automatic certificate selection process which may help.

Otherwise you call ENGINE_load_privatekey(engine, id, NULL, NULL); then
pass the EVP_PKEY structure to SSL_CTX_use_PrivateKey().

Where id is (by default) a string passed to
CertFindCertificateInStore().

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to