Hi Dave, Thanks a lot for your response. I will try this out.
Thanks Anamitra On 12/13/11 9:46 PM, "Dave Thompson" <dthomp...@prinpay.com> wrote: >> From: owner-openssl-us...@openssl.org On Behalf Of Anamitra Dutta >>Majumdar >> Sent: Tuesday, 13 December, 2011 14:37 > >> >I am looking for OpenSSL api to parse pkcs7 bag of >> certificate file that >> >has two certificates a SubCA and the other the leaf cert. >> Is there an openssl api that would enable use to parse this >> pkcs7 bag and >> separate out the certificates. >> >Certs (and CRLs) are often conveyed in a PKCS7 SignedData, >or less often SignedAndEnvelopedData, containing no actual data >and zero SignerInfo's, but 'available' certs and/or CRLs. > >There are routines to parse a PKCS7 object in DER (d2i_PKCS7_) >or PEM (PEM_read_PKCS7). The resulting struct's are not opaque. >If the struct is a signed_data or signedAndEnveloped_data >just take the cert field and get the cert objects from it. > >There is also a commandline utility pkcs7 which given a file >can print the certs in PEM format, which you can then break >apart into the one(s) you want. > > >______________________________________________________________________ >OpenSSL Project http://www.openssl.org >User Support Mailing List openssl-users@openssl.org >Automated List Manager majord...@openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
