Hi,
I have looked through the openssl-dev archives and have not found any
references to using PKCS12 certificates - only how to create/manipulate
them with the openssl tool etc.
Has anyone successfully created an SSL server application linked against
the openssl libraries that uses a PKCS12 certificate?
Any help would be most appreciated...
C ya,
Jimmy
>Hi,
>
>I am having trouble using the "X509* ssl_public_cert" created from the code
>at the end of this message. This code runs fine without error, but when I
>call:
>
>SSL_use_certificate(ssl_con, ssl_public_cert) (or
>SSL_CTX_use_certificate(...) )
>
>It fails with SSL_R_UNKNOWN_CERTIFICATE_TYPE. I did some debugging and it
>fails trying to find out what "type"
>
>type=OBJ_obj2nid(ASN1_OBJECT *x->cert_info->key->algor->algorithm);
>
>this gives back an invalid type. Everything seems fine till it tries to
>search the ASN1_OBJECT.
>
>I have tried using many different p12 certificates and all give the same
>error, and yet all appear fine when using the openssl tool. Even a PEM
>certificate which works fine, when converted to pkcs#12 format fails.
>
>I am using version Openssl 0.9.3a, and the same thing happens on NT,
>Solaris and OSF1.
>
>Any ideas would be greatly appreciated. Thanks.
>
>Best Regards,
>
>Jimmy
>
>/* PKCS12 format */
>    PKCS12 *p12=NULL;
>    EVP_PKEY *pkey;
>    X509 *cert;
>
>    if ((fp=fopen(certificate_file, "r"))==NULL)
>        dce_svc_printf(WAND_S_CANT_FOPEN_MSG, certificate_file, "r", errno);
>
>    if ((ssl_public_cert=X509_new()) == NULL)
>        dce_svc_printf(WAND_S_NO_MEMORY_MSG);
>
>    if ((ssl_private_key=RSA_new()) == NULL)
>        dce_svc_printf(WAND_S_NO_MEMORY_MSG);
>
>    if (!(p12 = d2i_PKCS12_fp(fp,NULL))) {
>        dce_svc_printf(SDG_S_PKCS12_READ_MSG,
>                       certificate_file, sslerrno());
>    }
>    if (!PKCS12_parse(p12, pass_key, &pkey, &cert, NULL)) {
>        dce_svc_printf(SDG_S_PKCS12_PARSE_MSG,
>                       certificate_file, sslerrno());
>    }
>    memcpy((void *)ssl_public_cert, (void *)cert, sizeof (X509));
>    X509_free(cert);
>
>    if (pkey->type == EVP_PKEY_RSA) {
>        memcpy((void *)ssl_private_key, pkey->pkey.ptr, sizeof(struct rsa_st));
>    }
>    else {
>        dce_svc_printf(SDG_S_X509_READ_MSG,
>                       key_file, sslerrno());
>    }
>    PKCS12_free(p12);
>    EVP_PKEY_free(pkey);
>    fclose(fp);
>
>----------------------------------------------------------
> James Darwin [EMAIL PROTECTED]
> Senior Software Engineer http://www.dascom.com
> DASCOM Australia.
>----------------------------------------------------------
>
>______________________________________________________________________
>OpenSSL Project http://www.openssl.org
>Development Mailing List [EMAIL PROTECTED]
>Automated List Manager [EMAIL PROTECTED]
>
----------------------------------------------------------
James Darwin [EMAIL PROTECTED]
DASCOM Australia. http://www.dascom.com
----------------------------------------------------------