PR: 2880

Submitted by: "Florian Rüchel" <florian.ruechel@ruhr-uni-bochum.de>

Correctly handle local machine keys in the capi ENGINE.

diff --git a/engines/e_capi.c b/engines/e_capi.c
index fa0624f1450e6aa35a7ededd0551283ed3f01108..8b7e25815cec467835ad13156fe55c2757e52acf 100644 (file)
--- a/engines/e_capi.c
+++ b/engines/e_capi.c
@@ -1431,10 +1431,13 @@ static PCCERT_CONTEXT capi_find_cert(CAPI_CTX *ctx, const char *id, HCERTSTORE h
 static CAPI_KEY *capi_get_key(CAPI_CTX *ctx, const char *contname, char *provname, DWORD ptype, DWORD keyspec)
        {
        CAPI_KEY *key;
+    DWORD dwFlags = 0; 
        key = OPENSSL_malloc(sizeof(CAPI_KEY));
        CAPI_trace(ctx, "capi_get_key, contname=%s, provname=%s, type=%d\n", 
                                                contname, provname, ptype);
-       if (!CryptAcquireContextA(&key->hprov, contname, provname, ptype, 0))
+    if(ctx->store_flags & CERT_SYSTEM_STORE_LOCAL_MACHINE)
+        dwFlags = CRYPT_MACHINE_KEYSET;
+    if (!CryptAcquireContextA(&key->hprov, contname, provname, ptype, dwFlags)) 
                {
                CAPIerr(CAPI_F_CAPI_GET_KEY, CAPI_R_CRYPTACQUIRECONTEXT_ERROR);
                capi_addlasterror();