On Friday 20 June 2003 11:39, Wu Junwei wrote:
...
> I would like to know , when use the -signer or -signkey option of the OCSP,
> is there any format limitation of this signer file or signer key file?
from apps/oscp.c:
'rkey = load_key(bio_err, rkeyfile, FORMAT_PEM, ...)' => apps/ocsp.c
expects PEM encoded private keys (the normal OpenSSL internal format
or PKCS#8).
> I have a PKCS#12 certificate1(can be found in the end of this mail ) which
> contains private key and the certificate itself.
> But it seems the program can not get the private key.
extract the private key with the 'openssl pkcs12 ...' utility and use this one
> And when I use a PKCS#12 certificate2 exported from IE, it is a pfx file ,
> to test the load_key() function in app.c,
> (of course I changed the argument to FORMAT_PKCS12 ), it seems it can get
> the private key.
>
> so I do not know which certificate file format the load_key() can use.
load_key could accept PKCS#12 files but load_key was called with the
'FORMAT_PEM' parameter and therefore apps/ocsp.c does not accept
PKCS#12 files.
Nils
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
