Hi!

I searched a bit around and came up with this. I used the v1.0.0.5 OpenSSL DLLs,
but if you compile 0.9 with the engine enabled, it should work.

function UsePKeyFromCapi(const ASSLCtx: PSSL_CTX; const ACert: PCCERT_CONTEXT): Boolean;
{ Loads ACert's private key through the OpenSSL CAPI engine (capi.dll, pulled in
  via the "dynamic" engine) and installs it into ASSLCtx. Returns True only when
  the key was loaded and SSL_CTX_check_private_key confirms it matches the
  certificate already set on the context. Uses the same OpenSSL (f_ENGINE_*,
  SSL_CTX_*, EVP_PKEY_free; f_ENGINE_finish follows the same binding naming)
  and CryptoAPI declarations as the rest of the project. }
var
  CapiEngine: PENGINE;
  EngInited: Boolean;
  EngStatus: Integer;
  ProvLen, ContNameLen: Integer;
  ProvInfo: ^CRYPT_KEY_PROV_INFO;
  ContName: PAnsiChar;
  ProvName, ProvType, KeySpec: AnsiString;
  LKey: PEVP_PKEY;
begin
  Result := False;   // was initialised to True, so every failure path reported success
  EngInited := False;
  ContNameLen := 0;
  ProvLen := 0;
  ProvInfo := nil;
  ContName := nil;
  LKey := nil;
  f_ENGINE_load_builtin_engines;
  CapiEngine := f_ENGINE_by_id('dynamic');
  try
    if CapiEngine <> nil then
    begin
      { SO_PATH is resolved against the process working directory, where anyone
        who controls that directory can plant a DLL; in production point it at
        the absolute path of the capi.dll that ships with your OpenSSL build. }
      EngStatus := f_ENGINE_ctrl_cmd_string(CapiEngine, 'SO_PATH', '.\capi.dll', 0);
      if EngStatus > 0 then
        EngStatus := f_ENGINE_ctrl_cmd_string(CapiEngine, 'LOAD', nil, 0);
      if EngStatus > 0 then
      begin
        EngStatus := f_ENGINE_init(CapiEngine);
        EngInited := EngStatus > 0;
      end;
      if EngStatus > 0 then
        f_ENGINE_register_all_complete;
      { CERT_KEY_PROV_INFO_PROP_ID names the CSP, provider type, key spec and
        container that hold the key: the first call sizes, the second fills.
        dwProvType = 0 means the key lives in a CNG key storage provider, which
        the CryptoAPI-based capi engine cannot open, so we give up in that case. }
      if (EngStatus > 0) and CertGetCertificateContextProperty(ACert,
           CERT_KEY_PROV_INFO_PROP_ID, nil, @ProvLen) then
      begin
        ProvInfo := AllocMem(ProvLen);
        if CertGetCertificateContextProperty(ACert, CERT_KEY_PROV_INFO_PROP_ID,
             ProvInfo, @ProvLen) and (ProvInfo^.dwProvType <> 0) then
        begin
          ContNameLen := LocaleCharsFromUnicode(DefaultSystemCodePage, 0,
            ProvInfo^.pwszContainerName, -1, nil, 0, nil, nil);
          ContName := AllocMem(ContNameLen);
          LocaleCharsFromUnicode(DefaultSystemCodePage, 0,
            ProvInfo^.pwszContainerName, -1, ContName, ContNameLen, nil, nil);
          ProvName := ProvInfo^.pwszProvName;   // may be empty: default CSP
          ProvType := AnsiString(IntToStr(ProvInfo^.dwProvType));
          KeySpec := AnsiString(IntToStr(ProvInfo^.dwKeySpec));
        end;
        { lookup_method 3 = look the key up by container name. Without the extra
          ctrls the engine opens that container in the system default CSP of
          type PROV_RSA_FULL with key spec AT_KEYEXCHANGE, so a key held by
          another CSP (a smart card, say) or stored as AT_SIGNATURE is not found. }
        if (ContName <> nil)
          and (f_ENGINE_ctrl_cmd_string(CapiEngine, 'lookup_method', '3', 0) > 0)
          and ((ProvName = '') or
               (f_ENGINE_ctrl_cmd_string(CapiEngine, 'csp_name', PAnsiChar(ProvName), 0) > 0))
          and (f_ENGINE_ctrl_cmd_string(CapiEngine, 'csp_type', PAnsiChar(ProvType), 0) > 0)
          and (f_ENGINE_ctrl_cmd_string(CapiEngine, 'key_type', PAnsiChar(KeySpec), 0) > 0) then
        begin
          LKey := f_ENGINE_load_private_key(CapiEngine, ContName, nil, nil);
          if (LKey <> nil) and (SSL_CTX_use_PrivateKey(ASSLCtx, LKey) > 0)
            and (SSL_CTX_check_private_key(ASSLCtx) > 0) then
            Result := True;
        end;
      end;
    end;
  finally
    if Assigned(LKey) then
      EVP_PKEY_free(LKey);   // SSL_CTX_use_PrivateKey holds its own reference
    if Assigned(CapiEngine) then
    begin
      if EngInited then
        f_ENGINE_finish(CapiEngine);   // release the functional reference from ENGINE_init
      f_ENGINE_free(CapiEngine);       // release the structural reference from ENGINE_by_id
    end;
    if Assigned(ProvInfo) then
      FreeMem(ProvInfo);
    if Assigned(ContName) then
      FreeMem(ContName);
  end;
end;

> -----Original Message-----
> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Vladimir Belov
> Sent: Tuesday, November 01, 2011 7:26 PM
> To: openssl-users@openssl.org
> Subject: Re: Using certificate and private key from Windows cert store with OpenSSL
> 
> 
> How to use some "engine API" in my program? What is the name of this
> "some engine API" or engine plug-in?
> 
> Please, give a small example or where can I find documentation about
> this?
> Is any documentation on the openssl.org?
> 
> ----------------------------------------------------------
> From: Jakob Bohm
> Sent: Tuesday, November 01, 2011 8:04 PM
> To: openssl-users@openssl.org
> Subject: Re: Using certificate and private key from Windows cert store with OpenSSL
> 
> This option is for the OpenSSL API, and I sure hope it would work with
> all the supported Windows Compilers, so you can use it with the
> compiler needed by the rest of your project.
> 
> Once compiled in, your code will need to use some "engine API"
> at your program startup to request use of that engine plug-in, after
> which you should be able to use the Windows Certificate store and
> contents directly.
> 
> On 11/1/2011 4:03 PM, Vladimir Belov wrote:
> >
> > Thanks, I understood that the 'enable-capieng' option is a standard
> > option for Configure (enable/no).
> >
> > Is this option only for openssl.exe? How will openssl.exe use the Windows
> > CERT store? Automatically, or is there a command of openssl.exe for this?
> >
> > I asked about OpenSSL API functions that will let me use the Windows
> > CERT store directly in my own program. Like X509_verify_cert for the
> > OpenSSL CERT Store.
> >
> > Or must I manually extract the certificate during the handshake, transform
> > it (if necessary) and give it to WinAPI functions for further verification
> > of the certificate with CryptoAPI?
> >
> >
> > ------------------------------------------------------------------------------
> >
> > From: Sergio NNX
> > Sent: Monday, October 31, 2011 11:12 PM
> > To: openssl-users@openssl.org
> > Subject: RE: Using certificate and private key from Windows cert store with OpenSSL
> >
> > Ciao.
> >
> > I use MinGW to build OpenSSL and it has always worked very well.
> >
> > Steps: a) perl Configure mingw shared enable-capieng --prefix=/mingw --openssldir=C:/OpenSSL
> >
> >        b) make
> >
> > After a while, you'll have openssl.exe and a couple of DLLs. At this
> > stage, you'll be able to access Windows Certificate store.
> >
> > If you're using Windows boxes, I can send you my copy of OpenSSL for
> > you to test.
> >
> > I hope it helps.
> >
> > Sergio.
> >
> >
> >
> >> From: ml.vladimbe...@gmail.com
> >> To: openssl-users@openssl.org
> >> Subject: Re: Using certificate and private key from Windows cert store with OpenSSL
> >> Date: Mon, 31 Oct 2011 21:40:44 +0400
> >>
> >> Sergio, how do I set this option when building OpenSSL? I didn't find any
> >> suggestions in the documentation. And can you give a link to the
> >> documentation on the site openssl.org where there are functions of the
> >> API to work with Windows CERT Stores?
> >>
> >>
> >> From: Sergio NNX
> >> Sent: Monday, October 31, 2011 1:02 PM
> >> To: openssl-users@openssl.org
> >> Subject: RE: Using certificate and private key from Windows cert store with OpenSSL
> >>
> >> Ciao Andrejs.
> >>
> >> I don't know much about the source code you posted previously but if
> >> you build OpenSSL with the 'enable-capieng' option you'll be able to
> >> access every single store and all the certs stored in Windows.
> >>
> >> I hope it helps.
> >>
> >> Sergio.
> >>
> >>
> >>
> >>
> >>
> >> ______________________________________________________________________
> >> OpenSSL Project                                 http://www.openssl.org
> >> User Support Mailing List                    openssl-users@openssl.org
> >> Automated List Manager                           majord...@openssl.org
> >
> >
> 
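To round off the thread on Vladimir's two remaining questions (how the certificate itself gets from the Windows store into the SSL_CTX, and whether a peer certificate received in the handshake has to be handed to CryptoAPI for verification), here is an added example in the same Delphi style. It was written for this page and is not code from the original post, from OpenSSL or from Microsoft. It assumes the UsePKeyFromCapi function posted above, the same unprefixed OpenSSL bindings with C-style signatures (d2i_X509 and i2d_X509 taking a pointer to a PAnsiChar, X509_free, SSL_CTX_use_certificate), and CryptoAPI declarations in the shape of the JEDI JwaWinCrypt headers (in particular CertGetCertificateChain taking its chain context as a var parameter); the function and parameter names are illustrative. UseCertFromWindowsStore selects a certificate from the user's MY store by subject substring, parses its DER bytes into an OpenSSL X509 and then binds the private key through the engine; VerifyPeerWithCryptoApi goes the other way, turning an X509 back into DER and letting CertGetCertificateChain plus the SSL chain policy (which also checks the host name) decide whether Windows trusts it.

```pascal
{ Added example (not from the original post); bindings as assumed in the lead-in. }

{ Picks the first certificate in the current user's MY store whose subject
  contains ASubjectSubstr, installs it into ASSLCtx and binds its private key
  through the CAPI engine. The certificate must be set before the key, since
  SSL_CTX_check_private_key (called inside UsePKeyFromCapi) compares the two. }
function UseCertFromWindowsStore(const ASSLCtx: PSSL_CTX;
  const ASubjectSubstr: WideString): Boolean;
var
  Store: HCERTSTORE;
  CertCtx: PCCERT_CONTEXT;
  Der: PAnsiChar;   // d2i_X509 advances the pointer it is given, so hand it a copy
  Cert: PX509;
begin
  Result := False;
  Store := CertOpenSystemStoreW(0, 'MY');
  if Store = nil then Exit;
  Cert := nil;
  CertCtx := nil;
  try
    CertCtx := CertFindCertificateInStore(Store,
      X509_ASN_ENCODING or PKCS_7_ASN_ENCODING, 0,
      CERT_FIND_SUBJECT_STR_W, PWideChar(ASubjectSubstr), nil);
    if CertCtx = nil then Exit;
    { pbCertEncoded is the DER certificate; OpenSSL parses that directly. }
    Der := PAnsiChar(CertCtx^.pbCertEncoded);
    Cert := d2i_X509(nil, @Der, CertCtx^.cbCertEncoded);
    if (Cert = nil) or (SSL_CTX_use_certificate(ASSLCtx, Cert) <= 0) then Exit;
    Result := UsePKeyFromCapi(ASSLCtx, CertCtx);
  finally
    if Cert <> nil then
      X509_free(Cert);   // SSL_CTX_use_certificate holds its own reference
    if CertCtx <> nil then
      CertFreeCertificateContext(CertCtx);
    CertCloseStore(Store, 0);
  end;
end;

{ Verifies a certificate OpenSSL received in the handshake against the Windows
  trust stores. A trusted chain alone does not bind the certificate to the
  host, so the SSL chain policy is applied with the expected server name too.
  Call it from the SSL verify callback (or on SSL_get_peer_certificate). }
function VerifyPeerWithCryptoApi(const APeer: PX509;
  const AServerName: WideString): Boolean;
var
  Len: Integer;
  Buf, P: PAnsiChar;
  CertCtx: PCCERT_CONTEXT;
  ChainPara: CERT_CHAIN_PARA;
  Chain: PCCERT_CHAIN_CONTEXT;
  SslPara: SSL_EXTRA_CERT_CHAIN_POLICY_PARA;
  PolicyPara: CERT_CHAIN_POLICY_PARA;
  PolicyStatus: CERT_CHAIN_POLICY_STATUS;
begin
  Result := False;
  Len := i2d_X509(APeer, nil);   // first call only sizes the DER output
  if Len <= 0 then Exit;
  GetMem(Buf, Len);
  try
    P := Buf;
    i2d_X509(APeer, @P);         // second call writes it and advances P
    CertCtx := CertCreateCertificateContext(X509_ASN_ENCODING, PByte(Buf), Len);
  finally
    FreeMem(Buf);
  end;
  if CertCtx = nil then Exit;
  try
    FillChar(ChainPara, SizeOf(ChainPara), 0);
    ChainPara.cbSize := SizeOf(ChainPara);
    Chain := nil;
    { Revocation is checked for every certificate except the root; drop the
      flag only where CRL/OCSP access really is unavailable. }
    if not CertGetCertificateChain(0, CertCtx, nil, nil, @ChainPara,
         CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT, nil, Chain) then Exit;
    try
      if Chain^.TrustStatus.dwErrorStatus <> CERT_TRUST_NO_ERROR then Exit;
      FillChar(SslPara, SizeOf(SslPara), 0);
      SslPara.cbSize := SizeOf(SslPara);
      SslPara.dwAuthType := AUTHTYPE_SERVER;
      SslPara.pwszServerName := PWideChar(AServerName);
      FillChar(PolicyPara, SizeOf(PolicyPara), 0);
      PolicyPara.cbSize := SizeOf(PolicyPara);
      PolicyPara.pvExtraPolicyPara := @SslPara;
      FillChar(PolicyStatus, SizeOf(PolicyStatus), 0);
      PolicyStatus.cbSize := SizeOf(PolicyStatus);
      Result := CertVerifyCertificateChainPolicy(CERT_CHAIN_POLICY_SSL, Chain,
        @PolicyPara, @PolicyStatus) and (PolicyStatus.dwError = 0);
    finally
      CertFreeCertificateChain(Chain);
    end;
  finally
    CertFreeCertificateContext(CertCtx);
  end;
end;
```

Two things worth keeping in mind when wiring this in: the capi engine only supplies keys and certificates, it does not validate peer chains, so the CryptoAPI route above (or OpenSSL's own X509_verify_cert with a store you populate) is what actually decides trust; and CertVerifyCertificateChainPolicy returning True merely means the policy could be evaluated, the verdict is PolicyStatus.dwError, which is why both are checked.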
