As far as I know, CURL (app and library) is perfectly happy to use a text file
comprised of concatenated PEM certificates.
I really wonder if there’s a real use case.
On May 22, 2020, at 18:49, Salz, Rich via openssl-users
wrote:
* application/pkix-pkipath
* Defined in RFC4366 (section 8) and RFC6066 (section 10.1)
I doubt that it is worth doing this. First, because OpenSSL doesn’t support it
now, then CURL (what the original poster was talking about) can’t use it when
using OpenSSL. Instead, as others have po
On Fri, May 22, 2020 at 04:31:02PM -0500, Kyle Hamilton wrote:
> application/pkix-pkipath
> Defined in RFC4366 (section 8) and RFC6066 (section 10.1)
>
> PkiPath ::= SEQUENCE OF Certificate
>
> Within the sequence, the order of certificates is such that the subject of
> the first certificate is
application/pkix-pkipath
Defined in RFC4366 (section 8) and RFC6066 (section 10.1)
PkiPath ::= SEQUENCE OF Certificate
Within the sequence, the order of certificates is such that the subject of
the first certificate is the issuer of the second certificate, etc.
(It's also defined in ITU-T Recomm
On Thu, May 21, 2020 at 06:53:39PM -0400, paul h. roubekas wrote:
> I have a requirement to convert all certs in a *.p12 file to a *.der file
> for use in the curl command.
Perhaps I can crystalise some of the replies for you. The basic issue
is that **DER is not a file format**, rather:
*
I'm pretty sure I can find it on my own. Not saying that I won't
thankfully receive links to interesting information, mind you!
That being said, there is currently no support (no deserializer) for
PKIpath in OpenSSL.
(BTW, since it's a SEQUENCE OF, the outermost object in such a DER
file amounts
There is a format that puts all DER certificates into a single
DER-formatted structure. It is called PKIpath, and it's defined as
`SEQUENCE OF Certificate`. The problem with it is that its order was
standardized by X.509 2001 TC1 to begin with the root and continue to the
leaf, which is backwards
Generally speaking, OpenSSL hasn't exactly encouraged multiple objects
in one DER file. While it's theoretically possible to have several
objects in such a file, there is code in OpenSSL where that's
simply not considered. For example, this snippet in the man-page
'X509_LOOKUP_file' is quite
If you need multiple certificates in a single DER structure, you're looking
for something to create a "PKIpath". I've never heard of curl requiring
such, though. Chances are it will handle the PEM chain just fine.
What curl command line are you trying to use?
-Kyle H
On Thu, May 21, 2020, 18:00