creating pkcs12 return null in c code for mac project

StackOverflow https://stackoverflow.com/questions/17060608

  •  31-05-2022
  •  | 
  •  

سؤال

I'm using openSSL to create a pkcs12 file in a mac project. This method does not return null in my environment, but instead in the customer's environment. I'm unable to reproduce the problem in my environment.

Here is the code, what do you think ? should I install the openSSL library in the customer's environment? I'm new to this library.

thanks. 

#include "PKCS12Util.h"

BUF_MEM* createPKCS12File(char* pkcs7_pem, BIO* pkey_bio, char* password, char* name) {

    X509 *cert;
    EVP_PKEY* pkey;
    STACK_OF(X509) *cacert = sk_X509_new_null();
    PKCS12 *pk12;

    if (BIO_eof(pkey_bio)) {
        BIO_reset(pkey_bio);
    }

    pkey = PEM_read_bio_PrivateKey(pkey_bio, NULL, NULL, NULL);

    if (!pkey) {
        fprintf(stderr, "Error constructing pkey from pkey_bio\n");
    ERR_print_errors_fp(stderr);
    }

    SSLeay_add_all_algorithms();
    ERR_load_crypto_strings();

    pkcs7_pem = make_PEM(pkcs7_pem);
    BIO *pkcs7_pem_bio = BIO_new_mem_buf((void *)pkcs7_pem, (int)strlen(pkcs7_pem));
    PKCS7 *pkcs7 = PEM_read_bio_PKCS7(pkcs7_pem_bio, NULL, NULL, NULL);

    if (!pkcs7) {
        fprintf(stderr, "Error:\n");
    ERR_print_errors_fp(stderr);
    }

    STACK_OF(X509) *pk7_certs = pkcs7->d.sign->cert;

    // the first cert is the ca root cert, the last one is the client cert
    cert = sk_X509_value(pk7_certs, sk_X509_num(pk7_certs) - 1);
    sk_X509_push(cacert, sk_X509_value(pk7_certs, 0));

    pk12 = PKCS12_create(password, name, pkey, cert, cacert, 0,0,0,0,0);

    if(!pk12) {
        fprintf(stderr, "Error creating PKCS#12 structure\n");
        ERR_print_errors_fp(stderr);
        return NULL;
    }

    BIO* pk12_bio = BIO_new(BIO_s_mem());
    i2d_PKCS12_bio(pk12_bio, pk12);

    // get the BUF_MEM from the BIO to return it
    BUF_MEM *bptr;
    BIO_get_mem_ptr(pk12_bio, &bptr);
    BIO_set_close(pk12_bio, BIO_NOCLOSE); // So BIO_free() leaves BUF_MEM alone

    PKCS12_free(pk12);
    BIO_free(pkcs7_pem_bio);
    BIO_free(pk12_bio);

    return bptr;
}
هل كانت مفيدة؟

المحلول

I found the problem. I was trying to compact a private key with a "MisMatched-Intermediate" certificate in the certificate chain.

مرخصة بموجب: CC-BY-SA مع الإسناد
لا تنتمي إلى StackOverflow
scroll top