support ECC key in Windows certificate store

[l2dy]

I'm using v1.3.

[nmav]

Please provide more information, for example the type of the key (curve), and the public key. It should have worked for P256, P384 and P521 keys.

[l2dy]

System: Windows 10 Error message: Error importing system key system:win:id=**********;type=privkey;name=****: The requested data were not available. Key info: ECC (256 Bits) ECDSA_P256 in Certificates - Current User -> Personal -> Certificates

[nmav]

This functionality has not been tested in windows 10.

[l2dy]

After adding uid to the user certificate, the error changed:

Using system key system:win:id=*;type=privkey;name=*
Error importing system key system:win:id=*;type=privkey;name=*: An unknown public key algorithm was encountered.

[nmav]

Could you set into environment GNUTLS_DEBUG_LEVEL=4 and run the program again? That will display the public key algorithm that was not supported.

[nmav]

btw. what do you mean by adding UID to the certificate? Isn't that done by default?

[l2dy]

after setting GNUTLS_DEBUG_LEVEL=4:

gnutls[3]: ASSERT: system-keys-win.c:426
Error importing system key system:win:id=xxx;type=privkey;name=xxx: The requested data were not available.

adding UID means adding the line uid = "1" into user.tmpl.

[nmav]

Thanks. Most likely that's not a CNG key but a key which uses the old CAPI.That will be supported in a future version of openconnect.

[nmav]

Most likely including a gnutls library with this patch applied will address the issue: https://gitlab.com/gnutls/gnutls/commit/fc1e62399a296e7beb7a79081c32a6e086105c37

[nmav]

@l2dy you can test whether this works by copying the libgnutls-30.dll and libnettle-6-2.dll, libhogweed-4-2.dll to your openconnect installed directory. It should address your issue.

[l2dy]

I'm busy right now, will test when I get back home.