SCHANNEL TLS Server side cannot CertFindCertificateInStore

Keywords: CertFindCertificateInStore, server side, TLS, SCHANNEL. Updated: 2023-10-16

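I am adding TLS encryption to a server-side application. I am using the Schannel API to add TLS. I am having a problem with CertFindCertificateInStore. It never finds the certificate that I am searching for. As the search criterion, I am using the name of the certificate. I have spent many hours on this now and do not understand why it is not working. Any help would be greatly appreciated. The function I am using this in is below. Thanks,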

int ServerCreateCredentials(){

//- get the certificate store
HCERTSTORE myCertStore = NULL;
myCertStore = CertOpenStore(
                            CERT_STORE_PROV_SYSTEM,
                            X509_ASN_ENCODING,
                            NULL,
                            CERT_SYSTEM_STORE_LOCAL_MACHINE,
                            L"My");
// check for the failure to find the appropriate store
if (myCertStore == NULL) {
    return 1;
}
// find the certificate in the store
m_CertificateContext = CertFindCertificateInStore(
                            myCertStore,
                            X509_ASN_ENCODING,
                            0,
                            CERT_FIND_SUBJECT_STR_A,
                            (LPVOID) CertificateName,
                            NULL);
if (m_CertificateContext == NULL) {
    // try unicode
    m_CertificateContext = CertFindCertificateInStore(
                            myCertStore,
                            X509_ASN_ENCODING,
                            0,
                            CERT_FIND_SUBJECT_STR_W,
                            CertificateName,
                            NULL);
    if (m_CertificateContext == NULL ) {
        // free the store
        CertCloseStore(myCertStore, CERT_CLOSE_STORE_CHECK_FLAG);
        return 2;
    }
}
TimeStamp life;
// get the credentials
SCHANNEL_CRED SchannelCredentials;
ZeroMemory(&SchannelCredentials, sizeof(SchannelCredentials));
SchannelCredentials.dwVersion = SCHANNEL_CRED_VERSION;
SchannelCredentials.cCreds = 1;                         // number of credentials 
SchannelCredentials.paCred = &m_CertificateContext;     // credentials
SchannelCredentials.hRootStore = myCertStore;   // certificate store location
SchannelCredentials.dwMinimumCipherStrength = 80;           // minimum encryption allowed
SchannelCredentials.grbitEnabledProtocols = 0;          // let the dll decide
SchannelCredentials.dwFlags = SCH_CRED_AUTO_CRED_VALIDATION 
                              | SCH_CRED_NO_SERVERNAME_CHECK 
                              | SCH_CRED_REVOCATION_CHECK_CHAIN;
DWORD Status = SEC_E_OK;
Status = m_securityFunctionTable.AcquireCredentialsHandle(
                    NULL,
                    UNISP_NAME,
                    SECPKG_CRED_INBOUND,
                    NULL,
                    &SchannelCredentials,
                    NULL,
                    NULL,
                    &m_credentials,
                    &life);
// at this point we should be good
// free the store
CertCloseStore(myCertStore, CERT_CLOSE_STORE_CHECK_FLAG);
if (Status != SEC_E_OK) {
    return 3;
}
return 0;
}

I found that I was not searching on the right parameter. You need to search based on the subject name, and then it works.
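To see which string a subject search can match, list the LocalMachine\My store and compare each certificate's subject with its friendly name. The following is an added example, not code from the original post: the function name Test-CertSubjectSearch and the sample value 'myserver' are assumptions, and it uses the .NET FindBySubjectName search, a case-insensitive substring match on the subject, which is the same kind of match CERT_FIND_SUBJECT_STR performs.

```powershell
# Added example (not from the original post). Read-only: it opens the
# LocalMachine\My store, runs a subject-name search, and reports per
# certificate whether the subject search hit and whether the text appears
# only in the friendly name (which a subject search does not look at).
function Test-CertSubjectSearch {
    param(
        # The string the server would pass as CertificateName.
        [Parameter(Mandatory)] [string] $Text
    )
    $ns        = 'System.Security.Cryptography.X509Certificates'
    $storeName = [System.Security.Cryptography.X509Certificates.StoreName]::My
    $storeLoc  = [System.Security.Cryptography.X509Certificates.StoreLocation]::LocalMachine
    $findType  = [System.Security.Cryptography.X509Certificates.X509FindType]::FindBySubjectName
    $readOnly  = [System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly

    $store = New-Object "$ns.X509Store" ($storeName, $storeLoc)
    $store.Open($readOnly)
    try {
        # validOnly = $false so expired or untrusted certificates are still listed.
        $hits      = $store.Certificates.Find($findType, $Text, $false)
        $hitPrints = @($hits | ForEach-Object { $_.Thumbprint })

        foreach ($cert in $store.Certificates) {
            [pscustomobject]@{
                SubjectHit      = $hitPrints -contains $cert.Thumbprint
                FriendlyNameHit = $cert.FriendlyName.IndexOf(
                                      $Text, [System.StringComparison]::OrdinalIgnoreCase) -ge 0
                Subject         = $cert.Subject
                FriendlyName    = $cert.FriendlyName
                Thumbprint      = $cert.Thumbprint
            }
        }
    }
    finally {
        $store.Close()
    }
}

# 'myserver' is a constructed sample value; substitute the name the server uses.
Test-CertSubjectSearch -Text 'myserver' | Format-Table -AutoSize
```

A row with FriendlyNameHit true and SubjectHit false means the search string is the certificate's display name rather than part of its subject, so a subject-string search will not return that certificate.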
