On Wed, Dec 14, 2011, Dave Thompson wrote:

> > From: owner-openssl-us...@openssl.org On Behalf Of Anamitra Dutta Majumdar
> > Sent: Tuesday, 13 December, 2011 14:37
> >
> > > I am looking for OpenSSL api to parse pkcs7 bag of certificate file that
> > > has two certificates a SubCA and the other the leaf cert.
> > Is there an openssl api that would enable us to parse this pkcs7 bag and
> > separate out the certificates.
> >
> Certs (and CRLs) are often conveyed in a PKCS7 SignedData,
> or less often SignedAndEnvelopedData, containing no actual data
> and zero SignerInfo's, but 'available' certs and/or CRLs.
>
> There are routines to parse a PKCS7 object in DER (d2i_PKCS7_)
> or PEM (PEM_read_PKCS7). The resulting struct's are not opaque.
> If the struct is a signed_data or signedAndEnveloped_data
> just take the cert field and get the cert objects from it.
>
> There is also a commandline utility pkcs7 which given a file
> can print the certs in PEM format, which you can then break
> apart into the one(s) you want.
>

Or if you're using a version of OpenSSL that supports CMS you can use those
functions instead, for example d2i_CMS_bio(). The CMS structures *are* opaque
but the function CMS_get1_certs() will retrieve certificates in the structure.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
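
The command-line route mentioned in the quoted reply (print the certs with the pkcs7 utility, then break them apart), as an added example that is not part of the original thread. The function names `split_p7b` and `make_sample_p7b` are hypothetical helpers, and the sample bundle is constructed from two throwaway self-signed certificates rather than a real SubCA/leaf pair.

```shell
#!/bin/sh
# Added example; split_p7b and make_sample_p7b are hypothetical helper names.

# split_p7b FILE OUTDIR [PEM|DER]
# Writes OUTDIR/cert-N.pem for each certificate carried in the PKCS#7
# structure and prints the number of certificates written.
split_p7b() {
  p7b=$1; out=$2; form=${3:-PEM}
  mkdir -p "$out" || return 1
  # Fail (instead of reporting 0 certs) when the input is not parseable PKCS#7.
  pem=$(openssl pkcs7 -in "$p7b" -inform "$form" -print_certs) || return 1
  # -print_certs emits subject=/issuer= lines between the PEM blocks;
  # copy only the BEGIN..END ranges, one output file per certificate.
  printf '%s\n' "$pem" | awk -v dir="$out" '
    /-----BEGIN CERTIFICATE-----/ { n++; f = sprintf("%s/cert-%d.pem", dir, n) }
    f { print > f }
    /-----END CERTIFICATE-----/   { close(f); f = "" }
    END { print n + 0 }'
}

# make_sample_p7b DIR
# Constructed input: two self-signed certs bundled into a certs-only
# SignedData (no content, no SignerInfos), written to DIR/bundle.p7b.
make_sample_p7b() {
  dir=$1
  for cn in Constructed-SubCA Constructed-Leaf; do
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$cn" \
      -keyout "$dir/$cn.key" -out "$dir/$cn.pem" 2>/dev/null || return 1
  done
  openssl crl2pkcs7 -nocrl -certfile "$dir/Constructed-SubCA.pem" \
    -certfile "$dir/Constructed-Leaf.pem" -out "$dir/bundle.p7b"
}

# Usage: sh split_p7b.sh bundle.p7b outdir [DER]
if [ $# -ge 2 ]; then
  split_p7b "$@"
fi
```

Each output file can then be inspected on its own with `openssl x509 -in cert-1.pem -noout -subject -issuer` to tell the SubCA from the leaf.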