On Fri, May 07, 2010, David Woodhouse wrote: > On Fri, 2010-05-07 at 19:24 +0200, Dr. Stephen Henson wrote: > > Setting ca to NULL if it fails should work. That should be done in > > PKCS12_parse() on error. > > AIUI I don't want it to be NULL; I need it to be an empty stack. I need > the returned 'extra' certs so that I can work around RT#1942 on the > server. >
If you pass a NULL for the final argument in PKCS12_parse() extra CA certificates are ignored as it has nowhere to put them. If you pass a pointer to a NULL STACK_OF(X509) i.e do: STACK_OF(X509) *ca = NULL; and pass &ca it will allocate a stack and put the extra certs in ca. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org