On Friday 26 June 2009 23:13:24 you wrote:
> Hi,
> I am currently trying to load an encrypted certificate with
>
> PEM_X509_INFO_read_bio(in, sk, asdasd, NULL);
>
> This should read a file with an encrypted private key (passphrase: secret)
> and a not encrypted cert. It should start to read both and then ask for the
> passphrase. I currently test it with the following dummy function:
>
> int asdasd(char *buf, int size, int rwflag, void *password)
> {
>       printf("asdasd\n");
>       exit(1);
>       return 1;
> }
>
> The problem is that it will not be called. I did a recheck with
>  PEM_read_bio_PrivateKey(in, NULL, asdasd, NULL);
> and it did ask for the passphrase.
>  PEM_read_bio_X509(in, NULL, asdasd, NULL);
> also didn't ask for a passphrase.
>
> Is there any secret thing I have to do to get this thing working?
>
> My testcode is attached. It should print "asdasd" and return 1. If it
> doesn't print anything and returns (-)1 then it cannot find the server.cert
> in the current directory. If it prints nothing and it returns 0 then it
> didn't ask for the passphrase.
>
> I need to parse a big file with certificates... so I wanted to use
> PEM_X509_INFO_read_bio as this seems to read all at once.
Forgot to say, that I am using "OpenSSL 0.9.8k 25 Mar 2009" and it is good
enough for me to know that a cert/private key is encrypted. I don't really
need them in that case. The problem is that key->x_pkey->enc_pkey and
key->x_pkey->dec_pkey are both not NULL and when I am calling
SSL_use_certificate with the x509 of the key and afterwards
SSL_use_PrivateKey with x_pkey->dec_pkey it will just segfault in
X509_check_private_key -> EVP_PKEY_cmp. This works fine if none of them is
encrypted.


Regards,
        Resul Cetin

Attachment: server.cert
Description: application/x509-ca-cert

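#include <stdio.h>
#include <stdlib.h>	/* exit() */
#include <openssl/bio.h>
#include <openssl/pem.h>	/* PEM_X509_INFO_read_bio() and the PEM_read_bio_* readers */
#include <openssl/ssl.h>
#include <openssl/err.h>

/* Dummy passphrase callback: if OpenSSL ever asks for a passphrase,
 * print a marker and terminate with exit status 1. */
int asdasd(char *buf, int size, int rwflag, void *password)
{
	printf("asdasd\n");
	exit(1);
	return -1;
}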


int main(int argc, char *argv[])
{
	STACK_OF(X509_INFO) *sk;
	BIO *in;

	SSL_load_error_strings();
	ERR_load_BIO_strings();
	SSL_library_init();
	OpenSSL_add_all_algorithms();

	if (!(in = BIO_new(BIO_s_file()))) {
		return 1;
	}
	if (BIO_read_filename(in, "server.cert") <= 0) {
		BIO_free(in);
		return 1;
	}

	ERR_clear_error();

	sk = sk_X509_INFO_new_null();
	if (sk == NULL) {
		BIO_free(in);
		return 1;
	}

	/* Only the exit status matters: reaching "return 0" means asdasd() was never called. */
	PEM_X509_INFO_read_bio(in, sk, asdasd, NULL);
	/* PEM_read_bio_PrivateKey(in, NULL, asdasd, NULL); */
	/* PEM_read_bio_X509(in, NULL, asdasd, NULL); */

	return 0;
}
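
Added example, not part of the original post and not OpenSSL code: since the post says it is enough to know that a key is encrypted, a PEM bundle can be pre-scanned for encrypted private-key blocks before it is parsed. The names pem_scan, struct pem_summary, label_ends and SAMPLE are made up for this example; it assumes the file is already in memory as a NUL-terminated string and that the Proc-Type header directly follows the BEGIN line.

```c
#include <stdio.h>
#include <string.h>
struct pem_summary { int certs, plain_keys, encrypted_keys; }; /* example-only type */

/* True if the n-byte label ends with suffix. */
static int label_ends(const char *label, size_t n, const char *suffix)
{
	size_t m = strlen(suffix);
	return n >= m && memcmp(label + n - m, suffix, m) == 0;
}

/* Classify every "-----BEGIN <label>-----" block in a NUL-terminated buffer. */
struct pem_summary pem_scan(const char *pem)
{
	struct pem_summary s = {0, 0, 0};
	const char *line = pem, *next;
	for (; line != NULL && *line != '\0'; line = next) {
		const char *nl = strchr(line, '\n');
		next = nl ? nl + 1 : NULL;
		if (strncmp(line, "-----BEGIN ", 11) != 0)
			continue;
		const char *label = line + 11;
		size_t n = strcspn(label, "-\r\n"); /* PEM labels contain no '-' */
		if (label_ends(label, n, "CERTIFICATE"))
			s.certs++;
		else if (label_ends(label, n, "ENCRYPTED PRIVATE KEY"))
			s.encrypted_keys++; /* PKCS#8 encrypted key */
		else if (!label_ends(label, n, "PRIVATE KEY"))
			continue; /* CRL, parameters, ... */
		else if (next && strncmp(next, "Proc-Type: 4,ENCRYPTED", 22) == 0)
			s.encrypted_keys++; /* traditional key with encryption header */
		else
			s.plain_keys++;
	}
	return s;
}

static const char SAMPLE[] = /* constructed bundle; bodies are dummy text, not real keys */
	"-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n"
	"-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
	"DEK-Info: DES-EDE3-CBC,0011223344556677\n\nAAAA\n-----END RSA PRIVATE KEY-----\n"
	"-----BEGIN EC PRIVATE KEY-----\nAAAA\n-----END EC PRIVATE KEY-----\n";

int main(void)
{
	struct pem_summary s = pem_scan(SAMPLE);
	printf("certs=%d plain=%d encrypted=%d\n", s.certs, s.plain_keys, s.encrypted_keys);
	return 0;
}
```

A non-zero encrypted_keys count tells the caller that some keys in the bundle need a passphrase, so those entries can be skipped before any key is handed to SSL_use_PrivateKey.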
