Indirectly support the searching of certificates and private keys in local machine certificate stores #55

Merged
merged 7 commits into from
Oct 12, 2023

@13ajay 13ajay commented Oct 4, 2023

Issue #, if available: #41

Description of changes:

  • Support the passing in of arbitrary names for system certificate stores when leveraging the Windows certificate store integration.

  • Note that while the stores are still opened within the CERT_SYSTEM_STORE_CURRENT_USER context, "all current user certificate stores except the Current User/Personal store inherit the contents of local machine certificate stores." This means that certificates and private keys added to local machine certificate stores can still be accessed through the credential helper.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

local machine certificate stores

 * Support the passing in of arbitrary names for system certificate
   stores when leveraging the Windows certificate store integration.

 * Note that while the stores are still opened within the
   CERT_SYSTEM_STORE_CURRENT_USER context, "all current user certificate
   stores except the Current User/Personal store inherit the contents of
   local machine certificate stores." This means that certificates and
   private keys added to local machine certificate stores can still be
   accessed through the credential helper.

 * Do a case-insensitive comparison of the system store name passed in
   with the predefined system store names (as defined in the Microsoft
   documentation). If there is a match, canonicalize the case so that it
   can be used to open a valid system certificate store. Otherwise, use
   the provided name (assuming that the user has created a custom
   certificate store with that name).
 * Change wording used in one sentence in the README.
 * Enforce mutual exclusion a bit better between PKCS#11 flags,
   certificate store flags, and file system flags.
@13ajay 13ajay merged commit a2bd650 into main Oct 12, 2023
1 check passed
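Added example (not part of this pull request or the project's own code): a sketch of the store-name canonicalization and the flag mutual-exclusion check described in the commit messages above. The function and type names are hypothetical, the predefined names are the four listed on Microsoft's "System Store Locations" page, and rejecting an empty name is an assumption.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Names from Microsoft's "System Store Locations" page; the project's list may differ.
var predefinedStores = []string{"MY", "Root", "Trust", "CA"}

// CanonicalStoreName returns the predefined spelling on a case-insensitive match;
// any other name is returned unchanged and treated as a user-created custom store.
func CanonicalStoreName(name string) (string, bool, error) {
	if strings.TrimSpace(name) == "" { // assumption: an empty name is an error
		return "", false, errors.New("certificate store name is empty")
	}
	for _, p := range predefinedStores {
		if strings.EqualFold(name, p) {
			return p, true, nil
		}
	}
	return name, false, nil
}

// SourceFlags (hypothetical) records which group of credential-source flags was set.
type SourceFlags struct{ PKCS11, CertStore, FileSystem bool }

// CheckExclusive rejects any invocation that selects more than one source group.
func CheckExclusive(f SourceFlags) error {
	n := 0
	for _, on := range []bool{f.PKCS11, f.CertStore, f.FileSystem} {
		if on {
			n++
		}
	}
	if n > 1 {
		return errors.New("PKCS#11, certificate store and file system flags are mutually exclusive")
	}
	return nil
}

func main() {
	for _, in := range []string{"my", "ROOT", "TeamStore"} { // constructed inputs
		fmt.Println(CanonicalStoreName(in))
	}
	fmt.Println(CheckExclusive(SourceFlags{PKCS11: true, CertStore: true}))
}
```

Because a non-matching name is passed through as a custom store, a misspelled predefined name is not caught by this step and only surfaces when the store is opened.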