When authenticating an SSL client connection, the server expects the client to provide a certificate. On typical corporate Windows platforms, these certificates are located in the 'Personal' section of the Windows cryptography store (opened with this command: 'certmgr.msc').
OpenSSL does not use these certificates. Windows does provide a WinHTTP API which provides the ability to create SSL connections, but they must adhere to the HTTP request/response protocol. Does anyone know of a Windows API which allows programmers to create an SSL connection which authenticates using the Windows cryptography store certificates but can be used just like an OpenSSL socket? Thanks.
OpenSSL supports multiple cryptographic engines, one of them being the Windows CAPI engine.
Here is the result of openssl engine on my machine. CAPI is the last one:
(dynamic) Dynamic engine loading support
(4758cca) IBM 4758 CCA hardware engine support
(aep) Aep hardware engine support
(atalla) Atalla hardware engine support
(cswift) CryptoSwift hardware engine support
(chil) CHIL hardware engine support
(nuron) Nuron hardware engine support
(sureware) SureWare hardware engine support
(ubsec) UBSEC hardware engine support
(padlock) VIA PadLock (no-RNG, no-ACE)
(gost) Reference implementation of GOST engine
(capi) CryptoAPI ENGINE
The OpenSSL engine(3) man page shows example code on how to select the engine in your code. Building OpenSSL can be a bit tricky. Here is a batch file that will produce a static build with all the engines also statically linked. Not the best choice for deployment, but having a single file frees you from DLL Hell, while you work out the CAPI details.
@echo off
setlocal
call "C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\vcvarsall.bat"
::Get the current directory name in the variable builddir
for /f "delims=\" %%a in ("%cd%") do set builddir=%%~nxa
::Configure build variable
perl Configure VC-WIN32 enable-static-engine --prefix=.
::Generate makefile
call ms\do_nasm.bat
::Build
nmake -f ms\nt.mak
::Test
nmake -f ms\nt.mak test
::Install
nmake -f ms\nt.mak install
endlocal
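As an added example (not part of the original answer), the batch file below checks that a build like the one above really contains a usable CAPI engine, lists the certificates the engine sees in its default store, and then tries a client-authenticated handshake with `openssl s_client`. The `out32` path, the host name, the port and the CA file are placeholders and assumptions, not values from the answer.

```batch
@echo off
setlocal
:: Added example, not from the original answer.
:: Assumptions (placeholders): OPENSSL is the openssl.exe produced by the
:: static build, HOST/PORT name a test server that requests a client
:: certificate, CAFILE holds the CA certificate(s) that signed the server.
set "OPENSSL=out32\openssl.exe"
set "HOST=server.example"
set "PORT=443"
set "CAFILE=server-ca.pem"

:: 1. The build must report the CAPI engine as usable.
"%OPENSSL%" engine -t capi | findstr /c:"[ available ]" >nul
if errorlevel 1 (
    echo CAPI engine is missing or not usable in %OPENSSL%
    exit /b 1
)

:: 2. Show the certificates the engine can see. With no store_name set it
::    reads the current user's MY store, shown as 'Personal' in certmgr.msc.
"%OPENSSL%" engine -t -post list_certs capi

:: 3. Handshake with the client certificate supplied by the CAPI engine.
::    -CAfile makes s_client verify the server instead of trusting it blindly.
echo Q | "%OPENSSL%" s_client -connect %HOST%:%PORT% -CAfile "%CAFILE%" ^
    -ssl_client_engine capi > handshake.txt 2>&1

:: 4. Did the server ask for a client certificate at all?
findstr /c:"Acceptable client certificate CA names" handshake.txt >nul
if errorlevel 1 (
    echo Server did not request a client certificate, nothing was tested
    exit /b 2
)

:: 5. Report how verification of the server certificate ended.
findstr /c:"Verify return code" handshake.txt
endlocal
```

In application code, the equivalent of `-ssl_client_engine capi` is loading the engine with `ENGINE_by_id("capi")`, initialising it, and passing it to `SSL_CTX_set_client_cert_engine()`.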