> -----Original Message----- > From: [EMAIL PROTECTED] [mailto:owner-openssl- > [EMAIL PROTECTED] On Behalf Of Dr. Stephen Henson > Sent: 13 August 2005 17:44 > To: openssl-users@openssl.org > Subject: Re: Newbie question X509 certificate stores > > On Sat, Aug 13, 2005, Chris Morrison wrote: > > > Michael wrote: > > > > >Hi Chris, > > > > > >What type of keystores are you talking about here? (pkcs#12?) > > > > > > > > > > > It's a PKCS#7 store, I am trying to read the certificate store from a > > digitally signed ZIP file. > > > > I have done it with no probs in VC++ using Microsoft's CryptoAPI, you > > just read the data into a buffer, which you use to create a > > CRYPT_DATA_BLOB object that can be passed to the CertOpenStore() > function. > > > > I cannot see how to do this in openSSL, assuming that it can be done. > > > > Ah now that's a different thing entirely. CryptoAPI for its own reasons > decides to allow parsing of certificates only PKCS#7 data using its > certficate store functions. > > OpenSSL instead allows PKCS#7 data to be converted to an internal > structure > called "PKCS7" which contains the details of the parsed data. > > If the relevant data is in memory d2i_PKCS7() will create the structure. > From > then on you can follow the code which is called with the print_certs > function > in apps/pkcs7.c. >
I've finally found time to get back to this project. Thanks for the pointers Steve. However, I've tried using the above call d2i_PKCS7(), but it fails to open the store with the errors below. 4777:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:946: 4777:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:304:Type=PKCS7 What are these supposed to mean? When is there going to be some documentation for the API of OpenSSL? Chris
smime.p7s
Description: S/MIME cryptographic signature
