Hello, I'm having trouble converting a PKCS12 container to PEM format using PKCS12_parse(). Instead of getting all certificates in the container, I only get one.
Our organization sources SSL keys and certificates in PKCS12 format, but I want to use them with libcurl, which calls SSL_CTX_use_certificate_chain_file() and therefore requires converting the PKCS12 container into two PEM files (one for certificates and one for the key.) The openssl pkcs12 tool correctly finds all three certificates, but for security and robustness I'd rather do it all in the application if possible.

The problem I'm having is that when I call PKCS12_parse(), I get only a single certificate, even though the container contains a three-certificate chain. The code I'm doing looks like this:

    in_bio = BIO_new_mem_buf(rare->pkcs12, rare->pkcs12_len);
    assert(in_bio != NULL);
    p12 = d2i_PKCS12_bio(in_bio, NULL);
    assert(p12 != NULL);
    BIO_free(in_bio);
    free(rare->pkcs12);
    assert(PKCS12_parse(p12, STS_PKCS_PASSWORD, &pkey, &cert, &ca));
    assert(pkey == NULL);
    assert(cert == NULL);
    assert(sk_X509_num(ca) > 1); // <- This fails.

A sample PKCS12 certificate in question is attached. I look forward to any help the list can provide.

Thanks,
--Ian Turner

--
Forums for Amanda discussion: http://forums.zmanda.com/
original.pkcs12
Description: Binary data
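
As a baseline to compare against what PKCS12_parse() returns, the following added example (not part of the original message) uses the openssl pkcs12 tool mentioned above to split a container into the two PEM files and count the certificates it holds. The three-certificate chain, the password, the file names and the helper function names are constructed for illustration, and the openssl binary is assumed to be on PATH.

```sh
#!/bin/sh
# Added example. The chain, file names and password below are constructed.
set -eu
PASS='example-pass'

# Build a throwaway root -> intermediate -> leaf chain and bundle the leaf key
# plus all three certificates into one PKCS12 container. $1 = work directory.
make_sample_p12() {
  for n in root inter leaf; do
    openssl req -newkey rsa:2048 -nodes -subj "/CN=example-$n" \
      -keyout "$1/$n.key" -out "$1/$n.csr" 2>/dev/null
  done
  openssl x509 -req -in "$1/root.csr" -signkey "$1/root.key" -days 1 \
    -out "$1/root.crt" 2>/dev/null
  openssl x509 -req -in "$1/inter.csr" -CA "$1/root.crt" -CAkey "$1/root.key" \
    -set_serial 2 -days 1 -out "$1/inter.crt" 2>/dev/null
  openssl x509 -req -in "$1/leaf.csr" -CA "$1/inter.crt" -CAkey "$1/inter.key" \
    -set_serial 3 -days 1 -out "$1/leaf.crt" 2>/dev/null
  cat "$1/inter.crt" "$1/root.crt" > "$1/extra.pem"
  openssl pkcs12 -export -inkey "$1/leaf.key" -in "$1/leaf.crt" \
    -certfile "$1/extra.pem" -passout "pass:$PASS" -out "$1/sample.p12"
}

# Split a container into the two PEM files: $2 = key, $3 = certificates.
# The leaf certificate is written first, then the remaining certificates.
split_p12() {
  ( umask 077   # the key is written unencrypted, so keep it owner-only
    openssl pkcs12 -in "$1" -passin "pass:$PASS" -nocerts -nodes -out "$2"
  ) 2>/dev/null
  { openssl pkcs12 -in "$1" -passin "pass:$PASS" -nokeys -clcerts
    openssl pkcs12 -in "$1" -passin "pass:$PASS" -nokeys -cacerts
  } > "$3" 2>/dev/null
}

# Number of certificates in a PEM file, and the subject of the first one.
count_certs() { grep -c -- '-----BEGIN CERTIFICATE-----' "$1" || true; }
first_subject() { openssl x509 -in "$1" -noout -subject; }

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
make_sample_p12 "$work"
split_p12 "$work/sample.p12" "$work/key.pem" "$work/chain.pem"
echo "certificates in chain.pem: $(count_certs "$work/chain.pem")"
echo "first certificate: $(first_subject "$work/chain.pem")"
```

The count and the leaf-first order printed here are what an in-application conversion of the same container should reproduce.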