Steve,
     Thank you very much for your response. The reason I didn't use 
sk_X509_num() instead of ((STACK *)ca)->num is that I will change the 
program to load libeay32.dll at run time instead of linking my program with 
the library libeay32.lib. sk_X509_num() is a macro that stands in for the 
function sk_num(STACK *), and I have to load each function at run time in my 
program before I can use it. The following is my program, which loads 
libeay32.dll instead of linking with libeay32.lib.

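/*
 * Load libeay32.dll at run time, parse test.p12 and report how many
 * additional (CA) certificates PKCS12_parse() returned.
 *
 * Every OpenSSL entry point is resolved with GetProcAddress(), so the
 * sk_X509_*() macros cannot be used as they are: they end up calling
 * sk_num() and friends directly. The underlying function (here sk_num) is
 * therefore resolved like any other export and called through a pointer,
 * instead of reading the STACK structure's fields.
 *
 * The function stops at the first failing step: the original carried on
 * and called through NULL function pointers, passed a NULL FILE or PKCS12
 * pointer into the library, and read uninitialised key/certificate pointers.
 */
void __cdecl main()
{
    typedef PKCS12 * (__cdecl *d2iPKCS12fpType)(FILE *, PKCS12 **);
    typedef int (__cdecl *PKCS12parseType)(PKCS12 *, const char *, EVP_PKEY **,
                                           X509 **, STACK_OF(X509) **);
    typedef EVP_PKEY * (__cdecl *X509getpubkeyType)(X509 *);
    typedef int (__cdecl *skNumType)(STACK *);

    static d2iPKCS12fpType   d2iPKCS12fpPtr   = NULL;
    static PKCS12parseType   PKCS12parsePtr   = NULL;
    static X509getpubkeyType X509getpubkeyPtr = NULL;
    static skNumType         skNumPtr         = NULL;
    static HINSTANCE         dllHandle        = NULL;

    /* Outputs start as NULL so a partial result is never read as garbage. */
    PKCS12 *p12 = NULL;
    X509 *cert = NULL;
    STACK_OF(X509) *ca = NULL;
    EVP_PKEY *privateKey = NULL;
    EVP_PKEY *publicKey = NULL;

    /*
     * A bare file name is resolved through the Windows DLL search order, so
     * whichever libeay32.dll is found first is the one that receives the
     * password and the private key. Pass the full path of the copy that
     * ships with the program to pin which library is loaded.
     */
    dllHandle = LoadLibrary("libeay32.dll");
    if (!dllHandle) {
        printf("dllHandle is null!\n");
        return;
    }

    d2iPKCS12fpPtr = (d2iPKCS12fpType)GetProcAddress(dllHandle, "d2i_PKCS12_fp");
    PKCS12parsePtr = (PKCS12parseType)GetProcAddress(dllHandle, "PKCS12_parse");
    X509getpubkeyPtr = (X509getpubkeyType)GetProcAddress(dllHandle, "X509_get_pubkey");
    skNumPtr = (skNumType)GetProcAddress(dllHandle, "sk_num");

    /* Any missing export would be called through a NULL pointer below. */
    if (!(d2iPKCS12fpPtr && PKCS12parsePtr && X509getpubkeyPtr && skNumPtr)) {
        printf("loading .dll failed!\n");
        return;
    }
    printf("loading .dll is successful!\n");

    char *keypass = generatePW(); // get password

    FILE *fp = fopen("test.p12", "rb");
    if (!fp) {
        printf("Error opening file.");
        return;
    }

    /*
     * NOTE(review): fp is created by this program's C runtime and consumed
     * inside the DLL; that is only safe when both use the same C runtime.
     * Confirm for the libeay32.dll build in use.
     */
    p12 = d2iPKCS12fpPtr(fp, NULL);
    fclose(fp);
    if (!p12) {
        printf("p12 is null!");
        return;
    }
    printf("p12 is not null!");

    /* On failure none of the output pointers can be trusted, so stop here. */
    if (!PKCS12parsePtr(p12, keypass, &privateKey, &cert, &ca)) {
        printf("Error parsing PKCS12 file");
        return;
    }

    if (ca)
        printf(" ca is not null!");
    else
        printf("ca is null!");

    if (cert)
        publicKey = X509getpubkeyPtr(cert);

    if ((!privateKey) || (!publicKey)) {
        printf("private key or public key is NULL!");
    }

    /* Ask the library for the element count rather than reading ->num. */
    int cert_num = ca ? skNumPtr((STACK *)ca) : 0;
    printf("number of certificates in CA chain=%d", cert_num);
    return;
}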

    So I cannot use any of the macros that stand in for OpenSSL functions, 
such as sk_X509_new_null(), sk_X509_find(), sk_X509_pop(), etc.
    What can I do if I need to use these macros? And why was ca empty after 
calling PKCS12parsePtr?  
    Thank you so much for your help!

patty
  
 
"Dr. Stephen Henson" <[EMAIL PROTECTED]> wrote:

>On Thu, Jan 13, 2005, [EMAIL PROTECTED] wrote:
>
>> Hello all,
>> 
>>       I want to load and parse certificates from a file(.p12) using 
>> d2i_PKCS12_fp(..) and PKCS12_parse(..). The file contains two certificates. 
>> I want to obtain all of the certificates from the file. But after I called 
>> PKCS12_parse(..) I only got one certificate. I couldn't get the stack of CA 
>> certificates. The prototype of PKCS12_parse() is like this:
>>  
>> PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, 
>> STACK_OF(X509) **ca)  
>> 
>> After I called the function I only got pkey and cert. The content of *ca
>> was empty and PKCS12_parse only allocated memory to *ca. But it didn't fill
>> *ca with certificates. My code looked like the following:    
>>      
>>       PKCS12  *p12;
>>       X509 *cert;
>>       STACK_OF(X509) *ca = NULL;
>>       EVP_PKEY * privateKey;
>>       EVP_PKEY * publicKey; 
>>       char * keypass = generatePW(); // get password
>>       FILE * fp = fopen(filename, "rb");
>>       if (!fp)
>>           printf("Error opening file %s ",filename);
>>       p12 = d2i_PKCS12_fp(fp, NULL);
>>       if (!PKCS12_parse(p12, keypass, &privateKey, &cert, &ca ))
>>       {
>>           printf("Error parsing PKCS12 file");
>>       }
>>       if (ca) 
>>           printf(" ca is not null!");
>>       else
>>           printf("ca is null!");
>>        if (cert)
>>            publicKey = X509_get_pubkey(cert);
>> 
>>        if ((!privateKey) || (!publicKey))
>>        {
>>             printf("private key or public key is NULL!");
>>        }
>>         unsigned int cert_num = ((STACK *)ca)->num;
>>         printf("number of certificates in CA chain=%d", cert_num");
>> 
>>         After running it, it prints:
>> 
>>          ca is not null!
>>          number of certificates in CA chain=0
>> 
>> 
>> It looked like that ca was not null but it was empty. I am expecting 
>> PKCS12_parse to fill ca with additional certificates. But it didn't. 
>> Any help is appreciated!
>
>
>Use sk_X509_num() on the ca stack instead of messing around with internals.
>
>See if the other certificates can be extracted using the pkcs12 utility.
>
>Steve.
>--
>Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
>OpenSSL project core developer and freelance consultant.
>Funding needed! Details on homepage.
>Homepage: http://www.drh-consultancy.demon.co.uk
>______________________________________________________________________
>OpenSSL Project                                 http://www.openssl.org
>User Support Mailing List                    openssl-users@openssl.org
>Automated List Manager                           [EMAIL PROTECTED]
>
