VS2010 - Structural Change in CryptoAPI - v7.0A Vs v6.0A - WinCrypt.h

Question

VS2010 - Structural Change in CryptoAPI - v7.0A Vs v6.0A - WinCrypt.h

In C:\Program Files\Microsoft SDKs\Windows\v7.0A\Include\WinCrypt.h definition of CERT_CHAIN_ENGINE_CONFIG is equal to

 typedef struct _CERT_CHAIN_ENGINE_CONFIG { DWORD cbSize; HCERTSTORE hRestrictedRoot; HCERTSTORE hRestrictedTrust; HCERTSTORE hRestrictedOther; DWORD cAdditionalStore; HCERTSTORE* rghAdditionalStore; DWORD dwFlags; DWORD dwUrlRetrievalTimeout; // milliseconds DWORD MaximumCachedCertificates; DWORD CycleDetectionModulus; *#if (NTDDI_VERSION >= NTDDI_WIN7) HCERTSTORE hExclusiveRoot; HCERTSTORE hExclusiveTrustedPeople; #endif* } CERT_CHAIN_ENGINE_CONFIG, *PCERT_CHAIN_ENGINE_CONFIG;

I am using visual studio 2010 on an XP sp3 machine, in which case I expect the next two elements in the above structure to be grayed out. But this is not happening

 #if (NTDDI_VERSION >= NTDDI_WIN7) HCERTSTORE hExclusiveRoot; HCERTSTORE hExclusiveTrustedPeople; #endif

NTDDI_VERSION in turn, is defined in sdkddkver.h as follows, and _WIN32_WINNT somehow assumes the value NTDDI_WIN7 , which is incorrect in my case, since my machine is XP SP3.

 #if !defined(_WIN32_WINNT) && !defined(_CHICAGO_) #define _WIN32_WINNT 0x0601 #endif #ifndef NTDDI_VERSION #ifdef _WIN32_WINNT // set NTDDI_VERSION based on _WIN32_WINNT #define NTDDI_VERSION NTDDI_VERSION_FROM_WIN32_WINNT(_WIN32_WINNT) #else #define NTDDI_VERSION 0x06010000 #endif #endif

The above two elements of the CERT_CHAIN_ENGINE_CONFIG structure in question are not present in C:\Program Files\Microsoft SDKs\Windows\v6.0A\Include\WinCrypt.h But my visual studio project in 2010 automatically draws the header and lib files from C:\Program Files\Microsoft SDKs\Windows\v7.0A\Include\WinCrypt.h Due to conflicting structures, I get parameter is incorrect

Please advise how can I deal with this problem?

Should I install visual studio 2010 sp1?

I found one link on the Internet that says that initializing the structure will solve the problem, but it won’t, because the two parameters in the question will not be grayed out and will be used in the construction.

Update1:

My project settings:

enter image description here $ (VCInstalDir) → C: \ Program Files \ Microsoft Visual Studio 10.0 \ VC

$ (WindowsSdkDir) → C: \ Program Files \ Microsoft SDK \ Windows \ v7.0A

$ (FrameworkSdkDir) → C: \ Program Files \ Microsoft SDK \ Windows \ v7.0A

Library file settings,

 $(VCInstallDir)lib $(VCInstallDir)atlmfc\lib $(WindowsSdkDir)lib $(FrameworkSDKDir)\lib

UPDATE 2: My preprocessor definition

 WIN32;_DEBUG;_WINDOWS;_USRDLL;MY_DLL_EXPORTS;%(PreprocessorDefinitions)

% (PreprocessorDefinitions) inherited values as follows

 _WINDLL _MBCS

thanks

+7

c ++ certificate visual-c ++ visual-studio-2010 cryptoapi

Raj Jun 21 '11 at 17:12

source share

2 answers

NTDDI_WIN7 value, which in my case is incorrect, since my device is XP SP3.

As I understand it, the variables are initialized in accordance with the system you are targeting, and not with which system you are compiling the code. Therefore, you need to look at the settings of your project and see what your target platform is, what headers are indicated, etc.

+4

Eugene Mayevski 'Allied Bits Jun 21 '11 at 18:05

source share

Oleg · Accepted Answer · 2011-07-01T14:28:42+0000

The problem you have can be easily explained. If you use v7.0A or v7.1, you can compile your project so that it works under Windows 7. Thus, the default value for _WIN32_WINNT is 0x0601 .

If you want to compile the program so that it works in Windows XP, you can explicitly specify WINVER and _WIN32_WINNT . This is usually done in the Visual Studio project settings inside the preprocessor definitions. If you do this, the corresponding part of the CERT_CHAIN_ENGINE_CONFIG structure will be grayed out as you like.

In most cases, and in the case of CERT_CHAIN_ENGINE_CONFIG this is really not required. The Windows APIs are designed mainly so that you will not have problems using the CERT_CHAIN_ENGINE_CONFIG defined for Windows 7 if you run the program on Windows XP. If you define

 #define WINVER 0x0500 #define _WIN32_WINNT 0x0500

(or 0x0501 instead of 0x0500 ) you can run your program on Windows 7, but you cannot use the hExclusiveRoot and hExclusiveTrustedPeople . The reason is the cbSize field, which you must initialize as sizeof(CERT_CHAIN_ENGINE_CONFIG) . It gives CertCreateCertificateChainEngine enough information about the size of the input structure CERT_CHAIN_ENGINE_CONFIG . If cbSize , the last HCERTSTORE hExclusiveRoot and hExclusiveTrustedPeople will simply not be used.

VS2010 - Structural Change in CryptoAPI - v7.0A Vs v6.0A - WinCrypt.h

More articles: