From: Danny Grasse <[EMAIL PROTECTED]> Subject: PKCS Date: Wed, 29 Mar 2000 12:14:47 -0500 Message-ID: <[EMAIL PROTECTED]> dlgrasse> We are developing an HTTPS client that talks to a sever dlgrasse> (IIS) that requires a client certificate. For authorization dlgrasse> purposes, we requested a certificate from the server through dlgrasse> Netscape. Then we exported this certificate as a PKCS12 file. dlgrasse> dlgrasse> Here is an excerpt from the code and where it fails: dlgrasse> ----------------------------------------------------------------- dlgrasse> FILE* fpkcs = fopen ("./cert.p12", "r"); You should read them as binary. On a Unix system, that won't matter, but... dlgrasse> PKCS12* pkcs = d2i_PKCS12_fp (fpkcs, NULL); dlgrasse> dlgrasse> X509 crt; dlgrasse> EVP_PKEY pky; dlgrasse> X509* cert = &crt; dlgrasse> EVP_PKEY* pkey = &pky; Hmm, you really only need to initialise them to NULL, but it doesn't really matter... dlgrasse> PKCS12_parse (pkcs, "project15", &pkey, &cert, NULL); You forget to check the return value. You'd better do this: int ret = PKCS12_parse (pkcs, "project15", &pkey, &cert, NULL); if (!ret) { ERR_print_errors_fp(stderr); } else { /* the rest of your stuff */ } dlgrasse> If anybody could enlighten us on what may be happening, dlgrasse> we would greatly appreciate it. I hope you get an error message that does... -- Richard Levitte \ Spannv�gen 38, II \ [EMAIL PROTECTED] Chairman@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47 Redakteur@Stacken \ SWEDEN \ or +46-708-26 53 44 Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED] Member of the OpenSSL development team Unsolicited commercial email is subject to an archival fee of $400. See <http://www.stacken.kth.se/~levitte/mail/> for more info. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
