On Thu, Jan 13, 2005, [EMAIL PROTECTED] wrote:

> Hello all,
>
> I want to load and parse certificates from a file (.p12) using
> d2i_PKCS12_fp(..) and PKCS12_parse(..). The file contains two certificates. I
> want to obtain all of the certificates from the file. But after I called
> PKCS12_parse(..) I only got one certificate. I couldn't get the stack of CA
> certificates. The prototype of PKCS12_parse() is like this:
>
> PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
>              STACK_OF(X509) **ca)
>
> After I called the function I only got pkey and cert. The content of *ca
> was empty and PKCS12_parse only allocated memory to *ca. But it didn't fill
> *ca with certificates. My code looked like the following:
>
>     PKCS12 *p12;
>     X509 *cert;
>     STACK_OF(X509) *ca = NULL;
>     EVP_PKEY * privateKey;
>     EVP_PKEY * publicKey;
>     char * keypass = generatePW(); // get password
>     FILE * fp = fopen(filename, "rb");
>     if (!fp)
>         printf("Error opening file %s ",filename);
>     p12 = d2i_PKCS12_fp(fp, NULL);
>     if (!PKCS12_parse(p12, keypass, &privateKey, &cert, &ca ))
>     {
>         printf("Error parsing PKCS12 file");
>     }
>     if (ca)
>         printf(" ca is not null!");
>     else
>         printf("ca is null!");
>     if (cert)
>         publicKey = X509_get_pubkey(cert);
>
>     if ((!privateKey) || (!publicKey))
>     {
>         printf("private key or public key is NULL!");
>     }
>     unsigned int cert_num = ((STACK *)ca)->num;
>     printf("number of certificates in CA chain=%d", cert_num);
>
> After running it, it prints:
>
>     ca is not null!
>     number of certificates in CA chain=0
>
> It looked like ca was not null but it was empty. I am expecting
> PKCS12_parse to fill ca with additional certificates. But it didn't.
> Any help is appreciated!

Use sk_X509_num() on the ca stack instead of messing around with internals.

See if the other certificates can be extracted using the pkcs12 utility.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
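
The check with the pkcs12 utility suggested in the reply above, as an added example that is not part of the original thread: it builds a constructed two-certificate PKCS#12 file and counts what `openssl pkcs12` extracts from it. The subject names, password, file names and both function names are made up for illustration, and an `openssl` binary on the PATH is assumed.

```shell
#!/bin/sh
# Added example: count the certificates the pkcs12 utility extracts from a file.
set -e

# Build a constructed sample: a throwaway CA and leaf certificate, exported
# with the CA as an additional certificate (-certfile). Names are made up.
make_sample_p12() {
    dir=$1; pass=$2
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Test CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=example-leaf" \
        -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 1 -out "$dir/leaf.crt" 2>/dev/null
    openssl pkcs12 -export -inkey "$dir/leaf.key" -in "$dir/leaf.crt" \
        -certfile "$dir/ca.crt" -out "$dir/sample.p12" -passout "pass:$pass"
}

# count_p12_certs FILE PASSWORD [-cacerts|-clcerts]
# Prints how many certificates the utility emits. Returns 2 when the file
# cannot be read or the password is wrong, so a failure is not reported as 0.
count_p12_certs() {
    out=$(openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys $3 2>/dev/null) || return 2
    printf '%s\n' "$out" | grep -c -- '-----BEGIN CERTIFICATE-----' || true
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
make_sample_p12 "$tmp" example-pass

# -clcerts limits output to client certificates, -cacerts to CA certificates.
echo "all certificates: $(count_p12_certs "$tmp/sample.p12" example-pass)"
echo "-clcerts:         $(count_p12_certs "$tmp/sample.p12" example-pass -clcerts)"
echo "-cacerts:         $(count_p12_certs "$tmp/sample.p12" example-pass -cacerts)"
```

If the `-cacerts` count for the real file is greater than zero, the additional certificates are present in the file and the question becomes how the program reads the stack.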