From 35e318c03c0f8f15be2317042962758bda006efb Mon Sep 17 00:00:00 2001
From: Wytze van der Raay <wytze@cacert.org>
Date: Thu, 6 Feb 2014 15:52:57 +0000
Subject: [PATCH] Fix for https://bugs.cacert.org/view.php?id=1218 "client cert
 issued no longer exportable with private key (class3). IE10 certs usage
 broken"

---
 www/keygenIE.js | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/www/keygenIE.js b/www/keygenIE.js
index be2d184..4c15b23 100644
--- a/www/keygenIE.js
+++ b/www/keygenIE.js
@@ -247,6 +247,7 @@ var CAcert_keygen_IE = function () {
 			privateKey.Algorithm = algorithmOid;
 			privateKey.Length = bits;
 			privateKey.KeyUsage = 0xffffff; // XCN_NCRYPT_ALLOW_ALL_USAGES
+			privateKey.ExportPolicy = 0x1; // XCN_NCRYPT_ALLOW_EXPORT_FLAG
 
 			var request = factory.CreateObject("X509Enrollment.CX509CertificateRequestPkcs10");
 			request.InitializeFromPrivateKey(
@@ -545,7 +546,8 @@ var CAcert_keygen_IE = function () {
 			}
 
 			cenroll.GenKeyFlags = bits << 16; // keysize is encoded in the uper 16 bits
-			//cenroll.GenKeyFlags = cenroll.GenKeyFlags | 0x1; //CRYPT_EXPORTABLE
+			// Allow exporting the private key
+			cenroll.GenKeyFlags = cenroll.GenKeyFlags | 0x1; //CRYPT_EXPORTABLE
 
 			generatingKeyNotice.style.display = "";