Ok, I look to have got it working. Using SSL_CTX_set_default_verify_paths after registering the engine worked as desired.
Also SSL_CTX_use_certificate_ASN1 with cbCertEncoded and pbCertEncoded from the CERT_CONTEXT seemed to work as well.

Thanks for all your help.

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Fili, Tom
Sent: Friday, December 03, 2010 3:48 PM
To: openssl-users@openssl.org
Subject: RE: Private Key from Windows Cert Store

Ok, I got it loading. Thanks.

I'm still having an issue, which would stem from my lack of understanding of OpenSSL. This seems to succeed in giving me the private key.

    ENGINE_load_builtin_engines();
    if( ENGINE *e = ENGINE_by_id("capi") )
    {
        if( ENGINE_init(e) )
        {
            ENGINE_register_complete(e);
            // Look the key up by the certificate subject
            EVP_PKEY *privateKey = ENGINE_load_private_key(e, certificate.Subject().c_str(), 0, 0);
            if( privateKey )
            {
                SSL_CTX_use_PrivateKey(pContext, privateKey);
                EVP_PKEY_free(privateKey); // the context keeps its own reference
            }
            ENGINE_finish(e); // release the functional reference from ENGINE_init
        }
        ENGINE_free(e); // release the structural reference from ENGINE_by_id
    }

Now I need to make the equivalent call for SSL_CTX_use_certificate_file which I'm guessing is SSL_CTX_use_certificate and I get the cert from ENGINE_load_ssl_client_cert. I'm a little unclear on what to pass into ENGINE_load_ssl_client_cert.

Also, will SSL_CTX_set_default_verify_paths use the CA certs from the Windows store or is there another engine call I have to make?

Again, thanks. You have been so helpful.

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson
Sent: Friday, December 03, 2010 12:27 PM
To: openssl-users@openssl.org
Subject: Re: Private Key from Windows Cert Store

On Fri, Dec 03, 2010, Fili, Tom wrote:

> I rebuilt OpenSSL and didn't get a capi.dll. I'm using 0.9.8k. Is there
> something I'm missing in the build process that I need to change to get
> the engines compiled in? From what I've read it looks like it builds
> these engines into the openssl dlls.
>
> The following still returns NULL for me.
>
> ENGINE_load_builtin_engines();
> ENGINE *e = ENGINE_by_id("capi");
>

The CAPI ENGINE isn't compiled in by default in OpenSSL 0.9.8x, it needs the command line switch enable-capieng to Configure. Also the ENGINE dll build process isn't enabled in 0.9.8x so you'll get it built into libeay32.dll.

The CAPI ENGINE is compiled by default in 1.0.0x and the dll ENGINE support enabled so you should get a capi.dll with that.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org