> From: owner-openssl-us...@openssl.org On Behalf Of Anamitra Dutta Majumdar > Sent: Tuesday, 13 December, 2011 14:37
> >I am looking for OpenSSL api to parse pkcs7 bag of > certificate file that > >has two certificates a SubCA and the other the leaf cert. > Is there an openssl api that would enable use to parse this > pkcs7 bag and > separate out the certificates. > Certs (and CRLs) are often conveyed in a PKCS7 SignedData, or less often SignedAndEnvelopedData, containing no actual data and zero SignerInfo's, but 'available' certs and/or CRLs. There are routines to parse a PKCS7 object in DER (d2i_PKCS7_) or PEM (PEM_read_PKCS7). The resulting struct's are not opaque. If the struct is a signed_data or signedAndEnveloped_data just take the cert field and get the cert objects from it. There is also a commandline utility pkcs7 which given a file can print the certs in PEM format, which you can then break apart into the one(s) you want. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
