#ifdef OPENSSL_SYS_WIN32
#ifndef OPENSSL_NO_CAPIENG
+
#include <windows.h>
+
+#ifndef _WIN32_WINNT
+#define _WIN32_WINNT 0x0400
+#endif
+
#include <wincrypt.h>
#undef X509_EXTENSIONS
#undef X509_CERT_PAIR
+/* Definitions which may be missing from earlier version of headers */
+#ifndef CERT_STORE_OPEN_EXISTING_FLAG
+#define CERT_STORE_OPEN_EXISTING_FLAG 0x00004000
+#endif
+
+#ifndef CERT_STORE_CREATE_NEW_FLAG
+#define CERT_STORE_CREATE_NEW_FLAG 0x00002000
+#endif
+
#include <openssl/engine.h>
#include <openssl/pem.h>
+#include <openssl/x509v3.h>
#include "e_capi_err.h"
#include "e_capi_err.c"
return ret;
memerr:
- CAPIerr(CAPI_F_CAPI_LOAD_PRIVKEY, ERR_R_MALLOC_FAILURE);
+ CAPIerr(CAPI_F_CAPI_GET_PKEY, ERR_R_MALLOC_FAILURE);
goto err;
}
{
CAPI_KEY *key;
key = OPENSSL_malloc(sizeof(CAPI_KEY));
- contname, provname, ptype);
CAPI_trace(ctx, "capi_get_key, contname=%s, provname=%s, type=%d\n",
contname, provname, ptype);
if (!CryptAcquireContext(&key->hprov, contname, provname, ptype, 0))
CAPI_trace(ctx, "Can't Parse Certificate %d\n", i);
continue;
}
- if (cert_issuer_match(ca_dn, x))
+ if (cert_issuer_match(ca_dn, x)
+ && X509_check_purpose(x, X509_PURPOSE_SSL_CLIENT, 0))
{
key = capi_get_cert_key(ctx, cert);
if (!key)
+ {
+ X509_free(x);
continue;
+ }
/* Match found: attach extra data to it so
* we can retrieve the key later.
*/
* CryptUIDlgSelectCertificateFromStore() to produce a dialog box.
*/
-#include <PrSht.h>
-#include <cryptuiapi.h>
+/* Definitions which are in cryptuiapi.h but this is not present in older
+ * versions of headers.
+ */
+
+#ifndef CRYPTUI_SELECT_LOCATION_COLUMN
+#define CRYPTUI_SELECT_LOCATION_COLUMN 0x000000010
+#define CRYPTUI_SELECT_INTENDEDUSE_COLUMN 0x000000004
+#endif
#define dlg_title L"OpenSSL Application SSL Client Certificate Selection"
#define dlg_prompt L"Select a certificate to use for authentication"
CERT_STORE_CREATE_NEW_FLAG, NULL);
if (!dstore)
{
- CAPIerr(CAPI_F_CLIENT_CERT_SELECT, CAPI_R_ERROR_CREATING_STORE);
+ CAPIerr(CAPI_F_CERT_SELECT_DIALOG, CAPI_R_ERROR_CREATING_STORE);
capi_addlasterror();
goto err;
}
if (!CertAddCertificateContextToStore(dstore, key->pcert,
CERT_STORE_ADD_NEW, NULL))
{
- CAPIerr(CAPI_F_CLIENT_CERT_SELECT, CAPI_R_ERROR_ADDING_CERT);
+ CAPIerr(CAPI_F_CERT_SELECT_DIALOG, CAPI_R_ERROR_ADDING_CERT);
capi_addlasterror();
goto err;
}
}
- hwnd = GetActiveWindow();
+ hwnd = GetForegroundWindow();
+ if (!hwnd)
+ hwnd = GetActiveWindow();
if (!hwnd && ctx->getconswindow)
hwnd = ctx->getconswindow();
/* Call dialog to select one */
}
#endif
+#endif
+#else /* !WIN32 */
+#include <openssl/engine.h>
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+OPENSSL_EXPORT
+int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { return 0; }
+IMPLEMENT_DYNAMIC_CHECK_FN()
#endif
#endif