Using X509 cert from a PKCS#12 certificate.

Tue, 14 Sep 1999 19:53:29 -0700 

Hi,

I am having trouble using the "X509* ssl_public_cert" created from the code
at the end of this message. This code runs fine without error, but when I
call: 

SSL_use_certificate(ssl_con, ssl_public_cert) (or
SSL_CTX_use_certificate(...) )

It fails with SSL_R_UNKNOWN_CERTIFICATE_TYPE. I did some debugging and it
fails trying to find out what "type" 

type=OBJ_obj2nid(ASN1_OBJECT *x->cert_info->key->algor->algorithm);

this gives back a invalid type. Everything seems fine till it tries to
search the ASN1_OBJECT.

I have tryed using many different p12 certificates and all give the same
error, and yet all appear find when using the openssl tool. Even a PEM
certificate which works fine, when converted to pkcs#12 format fails.

I am using version Openssl 0.9.3a, and the same thing happens on NT,
Solaris and OSF1.

Any ideas would be greatly appreciated. Thanks.

Best Regards,

Jimmy

/* PKCS12 format */
       PKCS12 *p12=NULL;
       EVP_PKEY *pkey;
       X509 *cert;

       if ((fp=fopen(certificate_file, "r"))==NULL)
           dce_svc_printf(WAND_S_CANT_FOPEN_MSG, certificate_file, "r",
errno);   
       
       if ((ssl_public_cert=X509_new()) == NULL)
           dce_svc_printf(WAND_S_NO_MEMORY_MSG);

       if ((ssl_private_key=RSA_new()) == NULL)
           dce_svc_printf(WAND_S_NO_MEMORY_MSG);

       if (!(p12 = d2i_PKCS12_fp(fp,NULL))) {
           dce_svc_printf(SDG_S_PKCS12_READ_MSG,
                        certificate_file, sslerrno());
           }
       if (!PKCS12_parse(p12, pass_key, &pkey, &cert, NULL)) {
           dce_svc_printf(SDG_S_PKCS12_PARSE_MSG,
                        certificate_file, sslerrno());
           }
       memcpy((void *)ssl_public_cert, (void *)cert, sizeof (X509));
       X509_free(cert);

       if (pkey->type == EVP_PKEY_RSA) {
          memcpy((void *)ssl_private_key, pkey->pkey.ptr, sizeof(struct
rsa_st))
;
       }
       else {
                 dce_svc_printf(SDG_S_X509_READ_MSG,
                        key_file, sslerrno());
           }
       PKCS12_free(p12);
       EVP_PKEY_free(pkey);
       fclose(fp);
 
----------------------------------------------------------
    James Darwin                   [EMAIL PROTECTED]
 Senior Software Engineer          http://www.dascom.com
  DASCOM Australia.  
----------------------------------------------------------

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to