Hello all,

I want to load and parse certificates from a file (.p12) using d2i_PKCS12_fp(..) and PKCS12_parse(..). The file contains two certificates. I want to obtain all of the certificates from the file. But after I called PKCS12_parse(..) I only got one certificate. I couldn't get the stack of CA certificates. The prototype of PKCS12_parse() is like this:

    int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca);

After I called the function I only got pkey and cert. The content of *ca was empty and PKCS12_parse only allocated memory to *ca. But it didn't fill *ca with certificates. My code looked like the following:

    #include <stdio.h>
    #include <openssl/evp.h>
    #include <openssl/pkcs12.h>
    #include <openssl/x509.h>

    /* Fragment from inside a function; filename and generatePW() are defined elsewhere. */
    PKCS12 *p12 = NULL;
    X509 *cert = NULL;
    STACK_OF(X509) *ca = NULL;
    EVP_PKEY *privateKey = NULL;   /* initialised so the NULL checks below are meaningful */
    EVP_PKEY *publicKey = NULL;
    char *keypass = generatePW();  // get password

    FILE *fp = fopen(filename, "rb");
    if (!fp)
        printf("Error opening file %s ", filename);

    /* Only read the file if it was opened; a NULL FILE * must not reach d2i_PKCS12_fp(). */
    p12 = fp ? d2i_PKCS12_fp(fp, NULL) : NULL;
    if (fp)
        fclose(fp);

    if (!p12 || !PKCS12_parse(p12, keypass, &privateKey, &cert, &ca)) {
        printf("Error parsing PKCS12 file");
    }

    if (ca)
        printf(" ca is not null!");
    else
        printf("ca is null!");

    if (cert)
        publicKey = X509_get_pubkey(cert);
    if ((!privateKey) || (!publicKey)) {
        printf("private key or public key is NULL!");
    }

    /* Use the stack accessor instead of casting to STACK and reading ->num. */
    int cert_num = sk_X509_num(ca);
    printf("number of certificates in CA chain=%d", cert_num);

After running it, it prints:

    ca is not null! number of certificates in CA chain=0

It looked like ca was not null but it was empty. I am expecting PKCS12_parse to fill ca with additional certificates. But it didn't.

Any help is appreciated!

patty

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]