+static int cert_issuer_match(STACK_OF(X509_NAME) *ca_dn, X509 *x)
+ {
+ int i;
+ X509_NAME *nm;
+ for (i = 0; i < sk_X509_NAME_num(ca_dn); i++)
+ {
+ nm = sk_X509_NAME_value(ca_dn, i);
+ if (!X509_NAME_cmp(nm, X509_get_issuer_name(x)))
+ return 1;
+ }
+ return 0;
+ }
+
+static int capi_load_ssl_client_cert(ENGINE *e, SSL *ssl,
+ STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **pkey,
+ STACK_OF(X509) **pother, UI_METHOD *ui_method, void *callback_data)
+ {
+#if 0
+ /* For now just one matching key/cert */
+ STACK_OF(X509) *certs = NULL;
+ STACK_OF(EVP_PKEY) *keys = NULL;
+#endif
+ X509 *x;
+ EVP_PKEY *pk;
+ char *storename;
+ const char *p;
+ int i;
+ HCERTSTORE hstore;
+ PCCERT_CONTEXT cert = NULL;
+ CAPI_CTX *ctx;
+ ctx = ENGINE_get_ex_data(e, capi_idx);
+
+ *pcert = NULL;
+ *pkey = NULL;
+
+ storename = ctx->ssl_client_store;
+ if (!storename)
+ storename = "MY";
+
+ hstore = capi_open_store(ctx, storename);
+ if (!hstore)
+ return 0;
+ /* Enumerate all certificates looking for a match */
+ for(i = 0;!*pcert;i++)
+ {
+ cert = CertEnumCertificatesInStore(hstore, cert);
+ if (!cert)
+ break;
+ p = cert->pbCertEncoded;
+ x = d2i_X509(NULL, &p, cert->cbCertEncoded);
+ if (!x)
+ {
+ CAPI_trace(ctx, "Can't Parse Certificate %d\n", i);
+ continue;
+ }
+ if (cert_issuer_match(ca_dn, x))
+ {
+ CAPI_KEY *key = capi_get_cert_key(ctx, cert);
+ if (!key)
+ continue;
+ pk = capi_get_pkey(e, key);
+ if (!pk)
+ {
+ capi_free_key(key);
+ continue;
+ }
+ *pcert = x;
+ *pkey = pk;
+ }
+ else
+ X509_free(x);
+
+ }
+
+ if (cert)
+ CertFreeCertificateContext(cert);
+
+ if (*pcert)
+ return 1;
+ else
+ return 0;
+
+ }
+