Dr. Stephen Henson wrote:
PKCS12_parse() in its current form will only handle well formed PKCS#12 files
which contain a private key, its corresponding certificate and zero or more
CA certificates.
The PKCS#12 standard doesn't seem to require that a PKCS#12 files
contains all of this, I've seen some with only private keys, and also
with only certificates.
Is there a way openssl can handle the format so a whole certificat chain
is associated to the private not just its corresponding certificate ?
Sorry I don't know what exactly it corresponds to technically but
usually PKCS#12 loaded from java appear as you describe "1 key entry,
together with a certificate, n ca cert entry", but it's possible to
create a pkcs#12 that appears to java as "1 key entry, together with a
certificate chain, n ca cert entry".
Until now I have been able to create such p12 only with java tools,
never with openssl.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
