Steve,

Thank you very much for your response. The reason I didn't use sk_X509_num() instead of ((STACK *)ca)->num is because I will change the program to load libeay32.dll instead of linking my program with library libeay32.lib. sk_X509_num() is a macro and it is the replacement of function sk_num(Stack *). I have to load the function at run time in my program before I use it. The following is my program that will load libeay32.dll instead of libeay32.lib.

    void __cdecl main()
    {
        typedef PKCS12 * (__cdecl *d2iPKCS12fpType)(FILE *, PKCS12 **);
        static d2iPKCS12fpType d2iPKCS12fpPtr = NULL;
        typedef int (__cdecl *PKCS12parseType)(PKCS12 *, const char *, EVP_PKEY **, X509 **, STACK_OF(X509) **);
        static PKCS12parseType PKCS12parsePtr = NULL;
        typedef EVP_PKEY * (__cdecl *X509getpubkeyType)(X509 *);
        static X509getpubkeyType X509getpubkeyPtr = NULL;
        static HINSTANCE dllHandle = NULL;

        PKCS12 *p12;
        X509 *cert;
        STACK_OF(X509) *ca = NULL;
        EVP_PKEY * privateKey;
        EVP_PKEY * publicKey;

        dllHandle = LoadLibrary("libeay32.dll");
        if (dllHandle)
        {
            d2iPKCS12fpPtr = (d2iPKCS12fpType)GetProcAddress(dllHandle, "d2i_PKCS12_fp");
            PKCS12parsePtr = (PKCS12parseType)GetProcAddress(dllHandle, "PKCS12_parse");
            X509getpubkeyPtr = (X509getpubkeyType)GetProcAddress(dllHandle, "X509_get_pubkey");
        }
        else
            printf("dllHandle is null!\n");

        if (d2iPKCS12fpPtr&&PKCS12parsePtr&&X509getpubkeyPtr)
        {
            printf("loading .dll is successful!\n");
        }
        else
            printf("loading .dll failed!\n");

        char * keypass = generatePW(); // get password
        FILE * fp = fopen("test.p12", "rb");
        if (!fp)
            printf("Error opening file.");
        p12 = d2iPKCS12fpPtr(fp, NULL);
        if (!p12)
        {
            printf("p12 is null!");
        }
        else
            printf("p12 is not null!");
        if (!PKCS12parsePtr(p12, keypass, &privateKey, &cert, &ca ))
        {
            printf("Error parsing PKCS12 file");
        }
        if (ca)
            printf(" ca is not null!");
        else
            printf("ca is null!");
        if (cert)
            publicKey = X509getpubkeyPtr(cert);

        if ((!privateKey) || (!publicKey))
        {
            printf("private key or public key is NULL!");
        }
        unsigned int cert_num = ((STACK *)ca)->num;
        printf("number of certificates in CA chain=%d", cert_num);
        return;
    }

So I cannot use any macros that are the replacement of openssl functions such as sk_X509_new_null(), sk_X509_find(), sk_X509_pop(), etc. So what can I do if I need to use these macros? And why was ca empty after calling PKCS12parsePtr?

Thank you so much for your help!

patty

"Dr. Stephen Henson" <[EMAIL PROTECTED]> wrote:

>On Thu, Jan 13, 2005, [EMAIL PROTECTED] wrote:
>
>> Hello all,
>>
>> I want to load and parse certificates from a file (.p12) using
>> d2i_PKCS12_fp(..) and PKCS12_parse(..). The file contains two certificates.
>> I want to obtain all of the certificates from the file. But after I called
>> PKCS12_parse(..) I only got one certificate. I couldn't get the stack of CA
>> certificates. The prototype of PKCS12_parse() is like this:
>>
>> PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
>> STACK_OF(X509) **ca)
>>
>> After I called the function I only got pkey and cert. The content of *ca
>> was empty and PKCS12_parse only allocated memory to *ca. But it didn't fill
>> *ca with certificates. My code looked like the following:
>>
>> PKCS12 *p12;
>> X509 *cert;
>> STACK_OF(X509) *ca = NULL;
>> EVP_PKEY * privateKey;
>> EVP_PKEY * publicKey;
>> char * keypass = generatePW(); // get password
>> FILE * fp = fopen(filename, "rb");
>> if (!fp)
>>     printf("Error opening file %s ",filename);
>> p12 = d2i_PKCS12_fp(fp, NULL);
>> if (!PKCS12_parse(p12, keypass, &privateKey, &cert, &ca ))
>> {
>>     printf("Error parsing PKCS12 file");
>> }
>> if (ca)
>>     printf(" ca is not null!");
>> else
>>     printf("ca is null!");
>> if (cert)
>>     publicKey = X509_get_pubkey(cert);
>>
>> if ((!privateKey) || (!publicKey))
>> {
>>     printf("private key or public key is NULL!");
>> }
>> unsigned int cert_num = ((STACK *)ca)->num;
>> printf("number of certificates in CA chain=%d", cert_num);
>>
>> After running it, it prints:
>>
>> ca is not null!
>> number of certificates in CA chain=0
>>
>>
>> It looked like that ca was not null but it was empty. I am expecting
>> PKCS12_parse to fill ca with additional certificates. But it didn't.
>> Any help is appreciated!
>
>
>Use sk_X509_num() on the ca stack instead of messing around with internals.
>
>See if the other certificates can be extracted using the pkcs12 utility.
>
>Steve.
>--
>Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
>OpenSSL project core developer and freelance consultant.
>Funding needed! Details on homepage.
>Homepage: http://www.drh-consultancy.demon.co.uk
>______________________________________________________________________
>OpenSSL Project                                 http://www.openssl.org
>User Support Mailing List                    openssl-users@openssl.org
>Automated List Manager                           [EMAIL PROTECTED]
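
Added example, not part of the original thread: the message notes that sk_X509_num() is a macro over the function sk_num(), so a program that loads the library at run time can resolve the generic stack functions by name and call them instead of reading ((STACK *)ca)->num. The POSIX branch, the library name list, the OPENSSL_-prefixed names tried first (used by OpenSSL 1.1 and later), the helper names, and the two dummy stack elements are assumptions made so the example runs on its own.

```c
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
typedef HMODULE lib_t;
#define LIB_OPEN(n)   LoadLibraryA(n)
#define LIB_SYM(h, s) ((void *)GetProcAddress((h), (s)))
static const char *const LIBS[] = { "libeay32.dll", NULL };
#else /* assumed POSIX fallback so the example also runs off Windows */
#include <dlfcn.h>
typedef void *lib_t;
#define LIB_OPEN(n)   dlopen((n), RTLD_NOW)
#define LIB_SYM(h, s) dlsym((h), (s))
static const char *const LIBS[] = { "libcrypto.so.3", "libcrypto.so.1.1", "libcrypto.so", NULL };
#endif

typedef void *(*sk_new_null_fn)(void);
typedef int   (*sk_push_fn)(void *, const void *);
typedef int   (*sk_num_fn)(const void *);
typedef void  (*sk_free_fn)(void *);

/* Try the OpenSSL >= 1.1 export name first, then the older one (e.g. "sk_num"). */
static void *stack_sym(lib_t h, const char *newer, const char *older)
{
    void *p = LIB_SYM(h, newer);
    return p ? p : LIB_SYM(h, older);
}

/* Builds a 2-element stack through resolved pointers and returns what sk_num()
 * reports; -1 if the library or any symbol is missing. Handle is left loaded. */
int stack_count_demo(void)
{
    lib_t h = NULL;
    void *st;
    int i, n = -1, a = 0, b = 0; /* a, b: constructed stand-ins for X509 pointers */
    for (i = 0; LIBS[i] && !h; i++) h = LIB_OPEN(LIBS[i]);
    if (!h) return -1;
    sk_new_null_fn new_null = (sk_new_null_fn)stack_sym(h, "OPENSSL_sk_new_null", "sk_new_null");
    sk_push_fn push = (sk_push_fn)stack_sym(h, "OPENSSL_sk_push", "sk_push");
    sk_num_fn num = (sk_num_fn)stack_sym(h, "OPENSSL_sk_num", "sk_num");
    sk_free_fn sk_free = (sk_free_fn)stack_sym(h, "OPENSSL_sk_free", "sk_free");
    if (!new_null || !push || !num || !sk_free) return -1; /* never call a NULL pointer */
    st = new_null();
    if (!st) return -1;
    if (push(st, &a) && push(st, &b)) n = num(st); /* push returns 0 on failure */
    sk_free(st);
    return n;
}

int main(void) { printf("stack count via resolved sk_num: %d\n", stack_count_demo()); return 0; }
```

In the program from the message, the same num pointer would be called on the ca stack returned by PKCS12_parse, after checking that every GetProcAddress result is non-NULL.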