Re: SSL client certificate from Windows certificate store

From: Thomas Åkesson <thomas_at_akesson.cc>
Date: Tue, 8 Nov 2016 18:23:08 +0100

Hello again,

Found that OpenSSL does read the Windows “MY” / Personal store.
- ./ext/openssl/engines/e_capi.c
- There is also e_capi.patch.
- Hash of the complete acceptable CA list is stored in the registry key “HKEY_CURRENT_USER\Software\TortoiseSVN\CAPIAuthz”.
- Found code that compares the certificate with STACK_OF(X509_NAME) which is likely the CA hint from the server.

The code looks good, unable to find anything obvious.

I have servers on both Apache 2.2 and 2.4. I also have certificates issued from the same CA but with different intermediates, different depth actually (2 vs 3).

The only combination that does not work is the certificate with depth 3 against Apache 2.4 when the certificate is in the Windows certificate store. Using the same p12 file configured in servers file works fine against Apache 2.4.

Kind of odd.

/Thomas Å.

------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=3193130

To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2016-11-08 18:23:20 CET

This message: [ Message body ]
Next message: David Balažic: "RE: SSL client certificate from Windows certificate store"
Previous message: Thomas Åkesson: "SSL client certificate from Windows certificate store"
In reply to: Thomas Åkesson: "SSL client certificate from Windows certificate store"
Next in thread: David Balažic: "RE: SSL client certificate from Windows certificate store"
Reply: David Balažic: "RE: SSL client certificate from Windows certificate store"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]