-
-
Save steffengy/245ecaa9125928cf788b7e9afdac8730 to your computer and use it in GitHub Desktop.
schannel patch for some investigationg regarding PKCS#8 import of RSA private key
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
src/test.rs | 37 +++++++++++++++++++++++-------------- | |
1 file changed, 23 insertions(+), 14 deletions(-) | |
diff --git a/src/test.rs b/src/test.rs | |
index ef48ed5..59efd12 100644 | |
--- a/src/test.rs | |
+++ b/src/test.rs | |
@@ -511,6 +511,7 @@ fn split_cert_key() { | |
let stream = TcpStream::connect(&addr).unwrap(); | |
let creds = SchannelCred::builder() | |
.acquire(Direction::Outbound).unwrap(); | |
+ println!("client acquired"); | |
let mut stream = tls_stream::Builder::new() | |
.domain("localhost") | |
.cert_store(store) | |
@@ -521,33 +522,39 @@ fn split_cert_key() { | |
assert_eq!(stream.read(&mut [0; 1024]).unwrap(), 4); | |
stream.shutdown().unwrap(); | |
}); | |
- | |
let cert = include_bytes!("../test/cert.der"); | |
- let cert = CertContext::new(cert).unwrap(); | |
+ let mut store = Memory::new().unwrap(); | |
+ let cert = store.add_encoded_certificate(cert).unwrap(); | |
let mut options = AcquireOptions::new(); | |
- options.container("schannel-tests") | |
- .provider(winapi::MS_STRONG_PROV); | |
+ let container_str = "schannel-tests5"; | |
let type_ = ProviderType::rsa_full(); | |
+ let key_spec = KeySpec::key_exchange(); | |
+ options.container(container_str) | |
+ //.verify_context(true) | |
+ .provider(winapi::MS_ENHANCED_PROV); | |
+ | |
let mut container = match options.acquire(type_) { | |
Ok(container) => container, | |
Err(_) => options.new_keyset(true).acquire(type_).unwrap(), | |
}; | |
let key = include_bytes!("../test/key.key"); | |
- container.import() | |
- .import(key) | |
- .unwrap(); | |
+ { | |
+ container.import() | |
+ .import(key) | |
+ .unwrap(); | |
+ } | |
- let context = KeyContext::crypt_prov(container, KeySpec::signature()); | |
- cert.set_key_context(context).unwrap(); | |
+ /*let context = KeyContext::crypt_prov(container, key_spec); | |
+ cert.set_key_context(context).unwrap();*/ | |
cert.set_key_prov_info() | |
- .container("schannel-tests") | |
- .provider(winapi::MS_STRONG_PROV) | |
- .type_(ProviderType::rsa_full()) | |
- .keep_open(true) | |
- .key_spec(KeySpec::signature()) | |
+ .container(container_str) | |
+ .provider(winapi::MS_DEF_PROV) | |
+ .type_(type_) | |
+ //.keep_open(true) | |
+ .key_spec(key_spec) | |
.set() | |
.unwrap(); | |
@@ -556,6 +563,8 @@ fn split_cert_key() { | |
.cert(cert) | |
.acquire(Direction::Inbound) | |
.unwrap(); | |
+ | |
+ println!("acquired"); | |
let mut stream = tls_stream::Builder::new() | |
.accept(creds, stream) | |
.unwrap(); | |
-- | |
2.11.0.windows.1 | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment