Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

MTLS certificate loading on Windows 10 is broken #3145

JonathanHenson opened this issue Oct 17, 2018 · 1 comment


None yet
2 participants
Copy link

commented Oct 17, 2018

I did this

Used the source code here:

*store_path = sep + 1;

as a reference to look at the api usage to load a system installed certificate.

I expected the following

CertOpenStore to succeed. It does not, because the function expects a null terminated path for the system store. For example instead of "MY<thumbprint>", it should just be "MY".

Code I wrote that works:

char store_path[128] = { 0 };
assert(location_of_next_segment - store_path_start < sizeof(store_path));
memcpy(store_path, store_path_start, location_of_next_segment - store_path_start);

*cert_store = CertOpenStore(CERT_STORE_PROV_SYSTEM_A, 0, (HCRYPTPROV)NULL,
CERT_STORE_OPEN_EXISTING_FLAG | store_val, store_path);

curl/libcurl version

HEAD of the repo

operating system

Windows 10


This comment has been minimized.

Copy link

commented Oct 18, 2018

Thanks! Can you perhaps make a proper pull-request with your suggested fix?

@bagder bagder changed the title I think the MTLS certificate loading on windows is broken (at least on Windows 10 anyways). MTLS certificate loading on Windows 10 is broken Oct 18, 2018

@bagder bagder closed this in 5114f82 Mar 7, 2019

@lock lock bot locked as resolved and limited conversation to collaborators Jun 5, 2019

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
You can’t perform that action at this time.