Hi all,
Now OpenSSL (0.9.8a) may create p12 with only one pk (no cert and ca).
I.e:
p12 = PKCS12_create(pw, 0, pk, 0, 0, 0, 0, 0, 0, 0);
then it written to disk
and load it again (after some time).
but
PKCS12_parse(p12, pw, &s.pkey, 0, 0);
now not possible to load private key.
This is because some bug in p12_kiss.c:
--- p12_kiss.c Tue Dec 06 16:03:21 2005
+++ p12_kiss.c-ok Fri Dec 09 15:32:00 2005
@@ -237,5 +237,5 @@
case NID_pkcs8ShroudedKeyBag:
- if (!lkey || !pkey) return 1;
+ if (!pkey) return 1;
if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen)))
return 0;
----------------------
needs to lkey.
But lkey is not stored, because no certificate added.
Please let me know, how i'm right or mistake.
Regards,
COFF.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager [EMAIL PROTECTED]
