Steve,
Thank you very much for your response. The reason I didn't use
sk_X509_num() instead of ((STACK *)ca)->num is because I will change the the
program to load libeay32.dll instead of linking my program with library
libeay32.lib. sk_X509_num() is a macro and it is the replacement of function
sk_num(Stack *). I have to load the function at run time in my program before I
use it. The following is my program that will load libeay32.dll instead of
libeay32.lib.
void __cdecl main()
{
typedef PKCS12 * (__cdecl *d2iPKCS12fpType)(FILE *, PKCS12 **);
static d2iPKCS12fpType d2iPKCS12fpPtr = NULL;
typedef int (__cdecl *PKCS12parseType)(PKCS12 *, const char *, EVP_PKEY **,
X509 **, STACK_OF(X509) **);
static PKCS12parseType PKCS12parsePtr = NULL;
typedef EVP_PKEY * (__cdecl *X509getpubkeyType)(X509 *);
static X509getpubkeyType X509getpubkeyPtr = NULL;
static HINSTANCE dllHandle = NULL;
PKCS12 *p12;
X509 *cert;
STACK_OF(X509) *ca = NULL;
EVP_PKEY * privateKey;
EVP_PKEY * publicKey;
dllHandle = LoadLibrary("libeay32.dll");
if (dllHandle)
{
d2iPKCS12fpPtr = (d2iPKCS12fpType)GetProcAddress(dllHandle,
"d2i_PKCS12_fp");
PKCS12parsePtr = (PKCS12parseType)GetProcAddress(dllHandle,
"PKCS12_parse");
X509getpubkeyPtr = (X509getpubkeyType)GetProcAddress(dllHandle,
"X509_get_pubkey");
}
else
printf("dllHandle is null!\n");
if (d2iPKCS12fpPtr&&PKCS12parsePtr&&X509getpubkeyPtr) {
printf("loading .dll is successful!\n");
}
else
printf("loading .dll failed!\n");
char * keypass = generatePW(); // get password
FILE * fp = fopen("test.p12", "rb");
if (!fp)
printf("Error opening file.");
p12 = d2iPKCS12fpPtr(fp, NULL);
if (!p12) {
printf("p12 is null!");
}
else
printf("p12 is not null!");
if (!PKCS12parsePtr(p12, keypass, &privateKey, &cert, &ca ))
{
printf("Error parsing PKCS12 file");
}
if (ca)
printf(" ca is not null!");
else
printf("ca is null!");
if (cert)
publicKey = X509getpubkeyPtr(cert);
if ((!privateKey) || (!publicKey))
{
printf("private key or public key is NULL!");
}
unsigned int cert_num = ((STACK *)ca)->num;
printf("number of certificates in CA chain=%d", cert_num);
return;
}
So I can not use any macros that are the replacement of openssl functions
such as sk_X509_new_null(), sk_X509_find(), sk_X509_pop(), etc.
So what can I do if I need to use these macros? And why was ca empty after
calling PKCS12parsePtr?
Thank you so much for your help!
patty
"Dr. Stephen Henson" <[EMAIL PROTECTED]> wrote:
>On Thu, Jan 13, 2005, [EMAIL PROTECTED] wrote:
>
>> Hello all,
>>
>> I want to load and parse certificates from a file(.p12) using
>> d2i_PKCS12_fp(..) and PKCS12_parse(..). The file contains two certificates.
>> I want to obtain all of the certificates from the file. But after I called
>> PKCS12_parse(..) I only got one certificate. I couldn't get the stack of CA
>> certificates. The prototype of PKCS12_parse() is like this:
>>
>> PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
>> STACK_OF(X509) **ca)
>>
>> After I called the function I only got pkey and cert. The content of *ca
>> was empty and PKCS12_parse only allocated memory to *ca. But it didn't fill
>> *ca with certificates. My code looked like the following:
>>
>> PKCS12 *p12;
>> X509 *cert;
>> STACK_OF(X509) *ca = NULL;
>> EVP_PKEY * privateKey;
>> EVP_PKEY * publicKey;
>> char * keypass = generatePW(); // get password
>> FILE * fp = fopen(filename, "rb");
>> if (!fp)
>> printf("Error opening file %s ",filename);
>> p12 = d2i_PKCS12_fp(fp, NULL);
>> if (!PKCS12_parse(p12, keypass, &privateKey, &cert, &ca ))
>> {
>> printf("Error parsing PKCS12 file");
>> }
>> if (ca)
>> printf(" ca is not null!");
>> else
>> printf("ca is null!");
>> if (cert)
>> publicKey = X509_get_pubkey(cert);
>>
>> if ((!privateKey) || (!publicKey))
>> {
>> printf("private key or public key is NULL!");
>> }
>> unsigned int cert_num = ((STACK *)ca)->num;
>> printf("number of certificates in CA chain=%d", cert_num");
>>
>> After running it, it prints:
>>
>> ca is not null!
>> number of certificates in CA chain=0
>>
>>
>> It looked like that ca was not null but it was empty. I am expecting
>> PKCS12_parse to fill ca with additional certificates. But it didn't.
>> Any help is appreciated!
>
>
>Use sk_X509_num() on the ca stack instead of messing around with internals.
>
>Seek if the other certificates can be extracted using the pkcs12 utility.
>
>Steve.
>--
>Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
>OpenSSL project core developer and freelance consultant.
>Funding needed! Details on homepage.
>Homepage: http://www.drh-consultancy.demon.co.uk
>______________________________________________________________________
>OpenSSL Project http://www.openssl.org
>User Support Mailing List openssl-users@openssl.org
>Automated List Manager [EMAIL PROTECTED]
>
__________________________________________________________________
Switch to Netscape Internet Service.
As low as $9.95 a month -- Sign up today at http://isp.netscape.com/register
Netscape. Just the Net You Need.
New! Netscape Toolbar for Internet Explorer
Search from anywhere on the Web and block those annoying pop-ups.
Download now at http://channels.netscape.com/ns/search/install.jsp
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
