Hi everyone.
I'm having a problem with the SSL_CTX_add_extra_chain_cert function
when using it with a PKCS12 certificate file.
Here's the situation:

I want to add the certs stored in the PKCS12 file to the verification tree
of the CA certs, but I run into a problem using the function above.
If I first extract the certs from the PKCS12 file and store them on
disk, then I can use SSL_CTX_load_verify_locations and pass it the file
name or the file path: everything works well if I do it this way.  The CA
cert verification succeeds and then I can go on to build up a connection.

Now the problem is that I don't want to extract the certs from the PKCS12
and store them on disk. I parse the p12 file and get a STACK_OF(X509)
with the CA certs. I call sk_X509_pop and then add the CA certs one by one
to the verification tree manually with SSL_CTX_add_extra_chain_cert, which
doesn't return any error.
However, when I run the application it crashes with a fatal error and I
still can't understand the reason.

I've also tried to call SSL_CTX_set_mode(ctx, SSL_MODE_NO_AUTO_CHAIN) to
avoid the automatic construction of chains, but the situation doesn't
change at all.
I'm using OpenSSL 0.9.8g.
Does anyone know why I'm getting this problem?
Thanks to anyone for any suggestions.
Regards

Matteo
