I'm using the capi API to access certificates in the Windows Cert Store. I'm 
using the following to get access to the private key:

EVP_PKEY *key = ENGINE_load_private_key(e, subject, 0, 0);

This seems to work as far as I can tell. Even if the certificate requires a 
password the OS prompts the user for it before it allows access. I've recently 
run into some customers who don't get the dialog prompt and get a "key value 
mismatch" error when it appears to be calling SSL_CTX_use_PrivateKey. I don't 
have access to their machines to do a full debug session.

I'm wondering if there is something that affects whether Windows displays the 
prompts and if the correct way to do this would be to use 
SSL_CTX_set_default_passwd_cb or specify a UI_METHOD to ENGINE_load_private_key 
instead of depending on the OS for this.

Does anyone have any experience in dealing with this?

Thanks

--Tom
