//get the credentials
SecurityFunctionTable m_SecurityFunc;
Status = m_SecurityFunc.AcquireCredentialsHandle(
NULL,
UNISP_NAME,//schannel package requested
SECPKG_CRED_INBOUND,//for server
NULL,
&m_SchannelCred,//structure contains the data required for //SChannel
NULL,
NULL,
phCreds,//pointer to CreHandle which receives the handle to credentials
&tsExpiry);
if(Status != SEC_E_OK )
{
::OutputDebugString(_T("error"));
}
i m getting an error .I checked the returned value of status ,it is
SEC_E_INTERNAL_ERROR
i m not understand where is the problem.
Thanx in advance for any suggestion
Thanks for your patience,
Rhett Gong [MSFT]
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
http://support.microsoft.com/default.aspx?scid=/servicedesks/msdn/nospam.asp&SD=msdn
This posting is provided "AS IS" with no warranties and confers no rights.
Thanks,
Hi
Rhett Gong
I m the same person who posted 3 messages of same
subject(AcquireCredentialsHandle returns with SEC_E_INTERNAL_ERROR).I m
sorry for this act as my Outlook is not configured properly.Whenever i
post my problem i couldnot see it in the newsgroup,but it is present in
"Sent Items".So i posted 3 times.Once again sorry for the inconvenience.
openssl>req -newkey rsa:1024 -keyout server.key -nodes -days 365 -out
server.crt
with this command a certificate request (server.crt) is generated.i
opened
the server.crt and pasted it contents in Advance option (certificate
service) to get the certificate.i got a certificate named
as"certnew.cer".i
opened the certificate ,there was an option "copy to file".i opted for
PKCS#7 Certificates(.P7B) and named it FileStore.A file was generated
named
as Filestore.p7b
//this my code for certificate store
#define ENCODING_TYPE (PKCS_7_ASN_ENCODING | X509_ASN_ENCODING)
HCERTSTORE m_hMyCertStore;//handle to certificate store
m_hMyCertStore = CertOpenStore(
CERT_STORE_PROV_FILENAME_A,// define the store provider type,here it is
a
//file on disk.
ENCODING_TYPE,// encoding type for certificate & message
NULL, // choose a default CSR.
NULL, //default flag
_T("FileStore.p7b")); //The name of an existing file
//i want to know whether this a right procedure
/*this code is the continuation of the above code*/
#define ENCODING_TYPE (PKCS_7_ASN_ENCODING | X509_ASN_ENCODING)
TimeStamp tsExpiry;
SECURITY_STATUS Status;
CERT_RDN cert_rdn;// structure to obtain certificate using RDN
attributes
//containing structure CERT_RDN_ATTR
CERT_RDN_ATTR cert_rdn_attr;// structure for one attribute of RDN ie
//Common Name
//only one attribute of RDN is used to find certificate
cert_rdn.cRDNAttr = 1;//only one CERT_RDN_ATTR
cert_rdn.rgRDNAttr =&cert_rdn_attr;//pointer to CERT_RDN_ATTR the
//structure contains 1 attribute
const TCHAR * pszUserName=_T("SNS");//Common Name is SNS
cert_rdn_attr.pszObjId = szOID_COMMON_NAME;//go for Common Name
//attribte in RDN
cert_rdn_attr.dwValueType = CERT_RDN_ANY_TYPE;
cert_rdn_attr.Value.cbData = _tcslen(pszUserName);//length of //Common
Name
#ifdef _UNICODE
char *pszUn = new char[wcslen(pszUserName)+1];
WideCharToMultiByte(CP_ACP,0,pszUserName,-1,pszUn,wcslen(pszUserName)+1,NULL,NULL);
cert_rdn_attr.Value.pbData = (BYTE *)pszUn;
#else
cert_rdn_attr.Value.pbData = (BYTE *)pszUserName;
#endif
//search for the certificate in the certificate store
PCCERT_CONTEXT m_pCertContext;
m_pCertContext =
CertFindCertificateInStore(m_hMyCertStore,
ENCODING_TYPE,
0,//use default values
CERT_FIND_SUBJECT_ATTR,
&cert_rdn,
NULL);
#ifdef _UNICODE
delete [] pszUn;
#endif
//If the function fails and a certificate that matches the search
criteria is not //found,the return value is NULL
if(m_pCertContext == NULL &&::GetLastError()==CRYPT_E_NOT_FOUND)
{
::OutputDebugString(_T("error:"));
}
::OutputDebugString(_T("pointer to the certificate context is
available"));
SCHANNEL_CRED m_SchannelCred;
SecurityFunctionTable m_SecurityFunc;
CredHandle m_hCreds;
PCredHandle phCreds=&m_hCreds//pointer to the credential handle
ZeroMemory(&m_SchannelCred, sizeof(m_SchannelCred));
//Credentials are required by the Schannel authentication
m_SchannelCred.dwVersion = SCHANNEL_CRED_VERSION;
m_SchannelCred.cCreds = 1;//only one certificate store
m_SchannelCred.paCred = &m_pCertContext;//pointer to the pointer of
//CERT_CONTEXT structure this how the certificate enters the credential
//which is used for security context in schannel authentication
m_SchannelCred.hRootStore = m_hMyCertStore;//handle to certificate
store
m_SchannelCred.dwMinimumCipherStrength = 80;//strength of cipher
DWORD m_dwProtocol=0;//use any protocol
m_SchannelCred.grbitEnabledProtocols = m_dwProtocol;//use any protocol
m_SchannelCred.dwFlags |= SCH_CRED_NO_SYSTEM_MAPPER ;
//function, which returns a handle to the requested credentials
Status = m_SecurityFunc.AcquireCredentialsHandle(
NULL, // Nameof principal
UNISP_NAME,//schannel package
SECPKG_CRED_INBOUND,
NULL,
&m_SchannelCred,
NULL,
NULL,
phCreds
&tsExpiry);
//here i refered MSDN for returned Status and put different values of
Status //check the exact cause for error and i found the returned value
of Status is
//SEC_E_INTERNAL_ERROR
if(Status != SEC_E_OK &&Status==SEC_E_INTERNAL_ERROR)
{
::OutputDebugString(_T("error channel credentials"));
}
::OutputDebugString(_T("handle to channel credential is available"));
//Pls help me.Thanx in advance for any suggestion.
In addition, if you have installed Platform SDK, there is client and server samples under \Microsoft Platform SDK\Samples
\Security\SSPI\SSL, you may reference it for how to use AcquireCredentialsHandle.
PS: for consistency, I will post my reply here and if you have more information on this problem, please post here only.
Thanks for your cooporation and patience,
We have a client & server code under SDK samples (\Microsoft Platform SDK\Samples\Security\SSPI\SSL) which use AcquireCredentialshandle. I think it would be better
if we could talk over this sample, so is it convenient for you to modify this sample code to reproduce the problem?
Thanks very much for your patience,