Fili, can you please share the snippet for this, I am still not able to get this to work. It keep on giving error.
On Wed, Dec 8, 2010 at 9:57 AM, Fili, Tom <tf...@agi.com> wrote: > Ok, I look to have got it working. > > Using SSL_CTX_set_default_verify_paths after registering the engine > worked as desired. > > Also SSL_CTX_use_certificate_ASN1 with cbCertEncoded and pbCertEncoded > from the CERT_CONTEXT seemed to work as well. > > Thanks for all your help. > > -----Original Message----- > From: owner-openssl-us...@openssl.org > [mailto:owner-openssl-us...@openssl.org] On Behalf Of Fili, Tom > Sent: Friday, December 03, 2010 3:48 PM > To: openssl-users@openssl.org > Subject: RE: Private Key from Windows Cert Store > > Ok, I got it loading. Thanks. > > I'm still have an issue, which would stem from my lack of understanding > of OpenSSL. This seems to succeed in giving me the private key. > > ENGINE_load_builtin_engines(); > if( ENGINE *e = ENGINE_by_id("capi") ) > { > if( ENGINE_init(e) ) > { > ENGINE_register_complete(e); > > EVP_PKEY *privateKey = ENGINE_load_private_key(e, > certificate.Subject().c_str(), 0, 0); > SSL_CTX_use_PrivateKey(pContext, privateKey); > > ENGINE_finish(e); > ENGINE_free(e); > } > } > > Now I need to make the equivalent call for SSL_CTX_use_certificate_file > which I'm guessing is SSL_CTX_use_certificate and I get the cert from > ENGINE_load_ssl_client_cert. I'm a little unclear on what to pass into > ENGINE_load_ssl_client_cert. > > Also, will SSL_CTX_set_default_verify_paths use the CA certs from the > Windows store or is there another engine call I have to make? > > Again, thanks. You have been so helpful. > > -----Original Message----- > From: owner-openssl-us...@openssl.org > [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson > Sent: Friday, December 03, 2010 12:27 PM > To: openssl-users@openssl.org > Subject: Re: Private Key from Windows Cert Store > > On Fri, Dec 03, 2010, Fili, Tom wrote: > > > I rebuild OpenSSL and didn't get a capi.dll. I'm using 0.9.8k. Is > there > > something I'm missing in the build process that I need to change to > get > > the engines to compiled in. From what I've read it looks like it > builds > > these engines into the openssl dlls. > > > > The following returns still NULL for me. > > > > ENGINE_load_builtin_engines(); > > ENGINE *e = ENGINE_by_id("capi"); > > > > The CAPI ENGINE isn't compiled in by default in OpenSSL 0.9.8x, it needs > the > command line switch enable-capieng to Configure. Also the ENGINE dll > build > process isn't enabled in 0.9.8x so you'll get it built into > libeay32.dll. > > The CAPI ENGINE is compiled by default in 1.0.0x and the dll ENGINE > support > enabled so you should get a capi.dll with that. > > Steve. > -- > Dr Stephen N. Henson. OpenSSL project core developer. > Commercial tech support now available see: http://www.openssl.org > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org >
