find_certificate_in_store(const char *cert_prop, HCERTSTORE cert_store)
{
/* Translate the 'cert_prop' selector string into CryptoAPI search
* parameters (find_type / find_param). Recognised selector forms:
* SUBJ:<certificate subject substring to match>
* ISSUER:<certificate issuer substring to match>
* THUMB:<certificate thumbprint hex value>, e.g.
* THUMB:f6 49 24 41 01 b4 fb 44 0c ce f4 36 ae d0 c4 c9 df 7a b6 28
* The tag is compared with strncmp(), so it is case-sensitive and must
* begin at the first character of 'cert_prop'.
* The first matching certificate that has not expired is returned; the
* store lookup, the expiry check and the 'out' label are in the part of
* the function that is not shown in this excerpt.
* NOTE(review): SUBJ: and ISSUER: are substring searches, so several
* certificates in the store may match and the one picked depends on
* store order. THUMB: identifies one specific certificate and is the
* stricter selector when similarly named certificates are present.
*/
/* Result pointer; it is still NULL on both early 'goto out' paths below. */
const CERT_CONTEXT *rv = NULL;
DWORD find_type;
const void *find_param;
/* Receives the thumbprint bytes decoded from the THUMB: hex string. */
unsigned char hash[255];
/* Hash blob for CERT_FIND_HASH; cbData is filled in after parsing. */
CRYPT_HASH_BLOB blob = {.cbData = 0, .pbData = hash};
/* Arena handed to wide_string(); presumably released after 'out' - not visible here. */
struct gc_arena gc = gc_new();
if (!strncmp(cert_prop, "SUBJ:", 5))
{
/* skip the tag and search on the subject name as a wide string */
find_param = wide_string(cert_prop + 5, &gc);
find_type = CERT_FIND_SUBJECT_STR_W;
}
else if (!strncmp(cert_prop, "ISSUER:", 7))
{
/* skip the tag and search on the issuer name as a wide string */
find_param = wide_string(cert_prop + 7, &gc);
find_type = CERT_FIND_ISSUER_STR_W;
}
else if (!strncmp(cert_prop, "THUMB:", 6))
{
find_type = CERT_FIND_HASH;
find_param = &blob;
/* Decode at most sizeof(hash) bytes; the returned count becomes the blob length. */
blob.cbData = parse_hexstring(cert_prop + 6, hash, sizeof(hash));
/* A zero count is treated as a parse failure: warn and leave without a certificate. */
if (blob.cbData == 0)
{
msg(M_WARN|M_INFO, "WARNING: cryptoapicert: error parsing <%s>.", cert_prop);
goto out;
}
}
else
{
/* Reached only when 'cert_prop' starts with none of the three tags above. */
msg(M_NONFATAL, "Error in cryptoapicert: unsupported certificate specification <%s>", cert_prop);
goto out;
}
I tried it in a lab and received the message *"unsupported certificate specification <ISSUER:....>"*