>From: [email protected] On Behalf Of [email protected]
>Sent: Monday, 21 May, 2012 10:31
(-dev and owner- !! dropped)
>I tried to load the .p12 certs to the code directly, but it got
>failed at SSL_CTX_use_PrivateKey_file
>1. err = SSL_CTX_use_certificate_chain_file(ctx, KeyFile);
>2. SSL_CTX_set_default_passwd_cb(ctx, passwd);
>3. err = SSL_CTX_use_PrivateKey_file(ctx, KeyFile, SSL_FILETYPE_PEM);
>4. SSL_CTX_check_private_key(ctx);
_use_PrivateKey_file only handles PKCS8 format.
For PKCS12, you need to use different routines.
For the simple case of just a key & cert/chain,
it appears you can call d2i_PKCS12_{bio,fp} and PKCS12_parse
then SSL_[CTX_]use_{PrivateKey,certificate}
and SSL_CTX_add_extra_chain_cert for each chain cert
or if you just put the chain certs in the cert_store
in your SSL_CTX it should find then automatically.
(There are more detailed PKCS12_* routines for other cases.)
Alternatively, use commandline pkcs12 to convert the PKCS12
to PKCS8-privatekey and (X509-)certificates
and arrange into files appropriately and use those.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
