SCHANNEL TLS server side cannot CertFindCertificateInStore

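Problem description:

I am adding TLS encryption to a server-side application. I am using the Schannel API to add the TLS. I am having a problem with CertFindCertificateInStore. It never finds the certificate that I am searching for. As the search criterion, I am using the name of the certificate. I have spent a lot of time on this and do not understand why it is not working. Any help would be greatly appreciated. The function I am using this in is below. Thanks,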

INT ServerCreateCredentials(){

//- get the certificate store 
HCERTSTORE myCertStore = NULL; 
myCertStore = CertOpenStore(
          CERT_STORE_PROV_SYSTEM, 
          X509_ASN_ENCODING, 
          NULL, 
          CERT_SYSTEM_STORE_LOCAL_MACHINE, 
          L"My"); 

// check for the failure to find the appropriate store 
if (myCertStore == NULL) { 
    return 1; 
} 

// find the certificate in the store 
m_CertificateContext = CertFindCertificateInStore(
          myCertStore, 
          X509_ASN_ENCODING, 
          0, 
          CERT_FIND_SUBJECT_STR_A, 
          (LPVOID) CertificateName, 
          NULL); 

if (m_CertificateContext == NULL) { 
    // try unicode 
    m_CertificateContext = CertFindCertificateInStore(
          myCertStore, 
          X509_ASN_ENCODING, 
          0, 
          CERT_FIND_SUBJECT_STR_W, 
          CertificateName, 
          NULL); 

    if (m_CertificateContext == NULL) { 
     // free the store 
     CertCloseStore(myCertStore, CERT_CLOSE_STORE_CHECK_FLAG); 
     return 2; 
    } 
} 

TimeStamp life; 
// get the credentials 
SCHANNEL_CRED SchannelCredentials; 
ZeroMemory(&SchannelCredentials, sizeof(SchannelCredentials)); 

SchannelCredentials.dwVersion = SCHANNEL_CRED_VERSION; 

SchannelCredentials.cCreds = 1;       // number of credentials 
SchannelCredentials.paCred = &m_CertificateContext;  // credentials 
SchannelCredentials.hRootStore = myCertStore; // certificate store location 
SchannelCredentials.dwMinimumCipherStrength = 80;   // minimum encryption allowed 
SchannelCredentials.grbitEnabledProtocols = 0;   // let the dll decide 
SchannelCredentials.dwFlags = SCH_CRED_AUTO_CRED_VALIDATION 
           | SCH_CRED_NO_SERVERNAME_CHECK 
           | SCH_CRED_REVOCATION_CHECK_CHAIN; 
DWORD Status = SEC_E_OK; 
Status = m_securityFunctionTable.AcquireCredentialsHandle(
        NULL, 
        UNISP_NAME, 
        SECPKG_CRED_INBOUND, 
        NULL, 
        &SchannelCredentials, 
        NULL, 
        NULL, 
        &m_credentials, 
        &life); 

// at this point we should be good 
// free the store 
CertCloseStore(myCertStore, CERT_CLOSE_STORE_CHECK_FLAG); 
if (Status != SEC_E_OK) { 
    return 3; 
} 

return 0; 
}

I figured it out: I was not searching on the right parameter. You need to search based on the subject name, and then it works.
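
A diagnostic for the situation in this thread, added here as an example and not code from the question or the answer: it lists each certificate in the LocalMachine "My" store as the CERT_SIMPLE_NAME_STR string that CERT_FIND_SUBJECT_STR compares against, and marks which entries a given search string would hit. The helper `subject_str_matches`, the default search string and the output layout are assumptions of this example; the store-enumeration part builds only on Windows.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* CERT_FIND_SUBJECT_STR rule as documented: case-insensitive substring match
 * against the subject rendered with CertNameToStr(CERT_SIMPLE_NAME_STR). */
int subject_str_matches(const char *simple_name, const char *needle)
{
    size_t n = strlen(needle);
    if (n == 0) return 0;   /* empty search string: treated as no match here */
    for (; *simple_name; ++simple_name) {
        size_t i = 0;
        while (i < n && simple_name[i] &&
               tolower((unsigned char)simple_name[i]) ==
               tolower((unsigned char)needle[i]))
            ++i;
        if (i == n) return 1;
    }
    return 0;
}

#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>   /* link with crypt32.lib */
/* Added example: lists LocalMachine\My as the search sees it; argv[1] is the search string. */
int main(int argc, char **argv)
{
    const char *needle = argc > 1 ? argv[1] : "example";  /* placeholder default */
    HCERTSTORE store = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, 0,
        CERT_SYSTEM_STORE_LOCAL_MACHINE | CERT_STORE_READONLY_FLAG, L"My");
    if (!store) { fprintf(stderr, "CertOpenStore failed: %lu\n", GetLastError()); return 1; }

    PCCERT_CONTEXT ctx = NULL;
    while ((ctx = CertEnumCertificatesInStore(store, ctx)) != NULL) {
        char name[512];
        DWORD cb = 0;
        CertNameToStrA(X509_ASN_ENCODING, &ctx->pCertInfo->Subject,
                       CERT_SIMPLE_NAME_STR, name, sizeof name);
        /* A server credential needs the private key; this property links to it. */
        BOOL has_key = CertGetCertificateContextProperty(
            ctx, CERT_KEY_PROV_INFO_PROP_ID, NULL, &cb);
        printf("%-5s key=%-3s %s\n", subject_str_matches(name, needle) ? "MATCH" : "-",
               has_key ? "yes" : "no", name);
    }
    CertCloseStore(store, 0);
    return 0;
}
#endif
```

Because the simple-name form drops attribute prefixes, a search string such as "CN=server01" does not match even when the common name is server01.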