Hi,

The behavior of this function in OpenSSL 1.0.1 seems to have changed
(compared with 0.9.8d).

In the earlier release, the user key parameter could be NULL if only the user
cert was of interest.
e.g. PKCS12_parse(p12, password, NULL, &cert, NULL) used to return the cert.

In 1.0.1, both the key and the cert parameters have to be non-NULL (may not be
initialized though),
otherwise the cert will not be returned. See code in evp_pbe.c:

    while ((x = sk_X509_pop(ocerts)))
        {
        if (pkey && *pkey && cert && !*cert)
            {
            if (X509_check_private_key(x, *pkey))
                {
                *cert = x;  /* <== cert is only returned when both pkey and cert are not NULL */
                x = NULL;
                }
            }

Is this change intended or a bug?

Thanks,
-binlu
