Emmy Chen wrote:
>
> Hi all:
>
> I have a problem here regarding exchange the format between .p12 and .pem.
>
> I generated a private key and public key from netscape v4.5 and
> issue a certificate using the CA built from openssl-0.9.3.a.
> I can export it from Netscape and import it to IE4.0 successfully too.
> I export the private key and x.509 certificate from netscape with p12
> format.
> Then I use the program which I derived from openssl-0.9.3a to parse out the
> private key and certificate.
> After that, I use the program derived from openssl-0.9.3.a to compose a p12
> file with same
> private key and certificate that I got from the above steps.
> And then Netscape and IE not read my p12 file.
>
> Please help me out about this problem. Attached are my .c file and the p12
> file.
>
I've tried your program and it works fine under Linux and OpenSSL 0.9.4.
However the PKCS#12 file you include is corrupted. One problem at least
is this bit:
> fseek(fp,0,SEEK_END);
>
> len = ftell(fp);
>
> fseek(fp,0,SEEK_SET);
>
> mykey = (char *)malloc(len);
>
> fread(mykey,len,1,fp);
>
> fclose(fp);
> d2i_PKCS12(&p12, &mykey, len);
>
The last line will end up incrementing the pointer "mykey" which will
cause problems if you free() it up. This can all be replaced with:
p12 = d2i_PKCS12_fp(fp, NULL);
fclose(fp);
Also later on you do:
> if((fp = fopen("hailong_chen1.p12","w")) == NULL)
it should really be "wb" because the PKCS#12 file is binary.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
