On Thu, Sep 26, 2013, Fili, Tom wrote:

> Hmmm...ok. Is it possible that in some cases passing the subject to
> ENGINE_load_private_key is the incorrect thing to do?
>
> What I'm doing seems pretty simple but in some cases I get key/value mismatch
> errors.
>
> I get the PCCERT_CONTEXT from the windows certificate store.
>
> Then do the following to get the X509 structure and the private key
>
> PCCERT_CONTEXT context;
> ...
> const unsigned char *pData = context->pbCertEncoded;
> X509* pX509 = d2i_X509(0, &pData, context->cbCertEncoded);
> // Get Subject
> if (X509_NAME* subject = X509_get_subject_name(pX509))
> {
>     for(int nid=0;nid<3;++nid)
>     {
>         X509_NAME_get_text_by_NID(subject, NIDs[nid], buffer,
>             sizeof(buffer));
>         if( buffer[0] != '\0' )
>         {
>             m_subject = buffer;
>             break;
>         }
>     }
> }
> EVP_PKEY *pkey = ENGINE_load_private_key(e, m_subject, 0, 0);
>
> Then I set the context to use the certificates
>
> int errCode = SSL_CTX_use_certificate(context, pX509);
> errCode = SSL_CTX_use_PrivateKey(context, pkey);
>
> I don't seem to have any idea how there can be a mismatch.
>
You don't indicate what the "NIDs" array is. It's possible that there are
multiple certificates matching the values you look up and
ENGINE_load_private_key() just finds the first one which may not be the one
you want.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
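
The ambiguity described in the reply above, as an added example that is not part of the original thread or of OpenSSL's code: a small audit that reports every certificate whose subject-derived lookup string resolves to a different certificate. The store inventory is constructed, `ATTR_ORDER` is a hypothetical stand-in for the unspecified `NIDs` array, and the case-insensitive, first-match substring lookup is an assumed model of the engine's behaviour.

```python
import hashlib

# Hypothetical attribute order standing in for the post's unspecified NIDs array.
ATTR_ORDER = ("CN", "OU", "O")

# Constructed inventory: (subject attributes, placeholder bytes standing in for DER).
STORE = [
    ({"CN": "alice", "O": "Example"}, b"constructed-der-alice-old"),
    ({"CN": "alice", "O": "Example"}, b"constructed-der-alice-renewed"),
    ({"CN": "vpn-test", "O": "Example"}, b"constructed-der-vpn-test"),
    ({"CN": "vpn", "O": "Example"}, b"constructed-der-vpn"),
    ({"CN": "", "OU": "Build", "O": "Example"}, b"constructed-der-build"),
]

def thumbprint(der):
    """SHA-1 over the encoded certificate, the value Windows shows as Thumbprint."""
    return hashlib.sha1(der).hexdigest()

def lookup_string(subject):
    """Mirror the post's loop: the first non-empty attribute becomes the key id."""
    for attr in ATTR_ORDER:
        if subject.get(attr):
            return subject[attr]
    return ""

def first_match(store, needle):
    """Assumed engine behaviour: first certificate whose subject contains needle."""
    for subject, der in store:
        if any(needle.lower() in v.lower() for v in subject.values() if v):
            return der
    return None

def audit(store):
    """Return (lookup string, wanted thumbprint, resolved thumbprint) for every
    certificate whose subject-derived string resolves to a different certificate."""
    findings = []
    for subject, der in store:
        needle = lookup_string(subject)
        hit = first_match(store, needle)
        if hit is None or thumbprint(hit) != thumbprint(der):
            findings.append((needle, thumbprint(der), thumbprint(hit) if hit else None))
    return findings

if __name__ == "__main__":
    for needle, wanted, got in audit(STORE):
        print(f"ambiguous lookup {needle!r}: wanted {wanted}, store returns {got}")
```

In the C code itself, calling `X509_check_private_key(pX509, pkey)` right after `ENGINE_load_private_key()` surfaces the same mismatch before the pair is handed to the `SSL_CTX`.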