On Tue, Dec 28, 2004, sravan wrote:

> Dr. Stephen Henson wrote:
>
> >On Tue, Dec 28, 2004, sravan wrote:
> >
> >>Hello all,
> >>sorry for repetition but the thread involving my doubt (regd load_cert()
> >>in apps.c) was abruptly ended.
> >>i want to know if that doubt is my mis-understanding or a bug.
> >>basically i was trying to read the certificate from a .p12 file.
> >
> >There can be several certificates in a PKCS#12 file and the one loaded using
> >that option might not necessarily be the one you want.
> >
> >I'd advise converting the file using the pkcs12 utility and using the command
> >line options to output the appropriate certificate.
> >
> >Steve.
> >
> thanks for the reply Steve.
> my problem is that i need to extract the certificate from the p12 file
> through a program.
> it is assured that the p12 file doesn't contain any other
> certificates (in the chain).
> it contains only the one that corresponds to the private key.
> anyway, as you have indicated, i can have the certificate from the
> pkcs12 utility and can use the certificate in my program.
> But my doubt is why a NULL is being passed to PKCS12_Parse() in the
> load_cert() method. was it deliberate?
>

It's a bug. Although OpenSSL can create PKCS#12 files without an encrypted
certificate no browser I know of will. In any case the password might still be
used for checking the integrity of the file.

It should really always ask for a password, or better still handle the PKCS#12
file as a special case and obtain user certificate, private key and optionally
additional certificates from it.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                               [EMAIL PROTECTED]
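
The pkcs12-utility route discussed in this thread, as an added example that is not part of the original messages: it extracts only the certificate matching the private key and always supplies the password, so the file's integrity check runs and a wrong password is an error. The function names, file names, passwords and the sample PKCS#12 file are constructed for illustration.

```shell
#!/bin/sh
# Added example. Function names, file names and passwords are illustrative.

# Build a constructed sample: a throwaway RSA key and self-signed certificate,
# packed into DIR/sample.p12 under PASSWORD. The password travels in the
# environment (env:) so it does not show up in the process list.
make_sample_p12() {    # usage: make_sample_p12 DIR PASSWORD
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-sample" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null &&
    P12_PASS="$2" openssl pkcs12 -export -name sample \
        -inkey "$1/key.pem" -in "$1/cert.pem" \
        -out "$1/sample.p12" -passout env:P12_PASS
}

# Write only the certificate that belongs to the private key (-clcerts),
# never the key itself (-nokeys). With a wrong password the MAC check fails,
# pkcs12 emits nothing, and the x509 stage returns non-zero.
extract_user_cert() {  # usage: extract_user_cert P12 PASSWORD OUT.pem
    P12_PASS="$2" openssl pkcs12 -in "$1" -clcerts -nokeys \
        -passin env:P12_PASS 2>/dev/null |
    openssl x509 -out "$3" 2>/dev/null
}

# SHA-256 fingerprint, used to confirm which certificate was extracted.
cert_fingerprint() {   # usage: cert_fingerprint CERT.pem
    openssl x509 -in "$1" -noout -fingerprint -sha256
}

# Demo on the constructed sample.
demo_dir=$(mktemp -d) &&
make_sample_p12 "$demo_dir" "correct-pass" &&
extract_user_cert "$demo_dir/sample.p12" "correct-pass" "$demo_dir/out.pem" &&
cert_fingerprint "$demo_dir/out.pem"
rm -rf "$demo_dir"
```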