Question

I'm using OpenSSL to create a PKCS#12 file in a Mac project. This method returns NULL in the customer's environment but not in mine, and I'm unable to reproduce the problem in my environment.

Here is the code. What do you think? Should I install the OpenSSL library in the customer's environment? I'm new to this library.

thanks.

#include "PKCS12Util.h"

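/**
 * Build a DER-encoded PKCS#12 bundle from a PKCS#7 certificate chain and a
 * PEM private key.
 *
 * The last certificate in the PKCS#7 chain is used as the client certificate
 * and the first one is added as the CA certificate.
 *
 * @param pkcs7_pem  PKCS#7 text; it is passed through make_PEM() before parsing.
 * @param pkey_bio   BIO holding the PEM private key; it is reset if it is at EOF.
 * @param password   Passphrase handed to PKCS12_create().
 * @param name       Friendly name handed to PKCS12_create().
 * @return BUF_MEM holding the encoded PKCS#12, or NULL on any failure (the
 *         OpenSSL error queue is printed to stderr). The memory BIO is freed
 *         with BIO_NOCLOSE, so the returned BUF_MEM is not freed here and the
 *         caller releases it with BUF_MEM_free().
 */
BUF_MEM* createPKCS12File(char* pkcs7_pem, BIO* pkey_bio, char* password, char* name) {

    BUF_MEM *result = NULL;
    EVP_PKEY *pkey = NULL;
    STACK_OF(X509) *cacert = NULL;
    STACK_OF(X509) *pk7_certs = NULL;
    X509 *cert = NULL;
    BIO *pkcs7_pem_bio = NULL;
    PKCS7 *pkcs7 = NULL;
    PKCS12 *pk12 = NULL;
    BIO *pk12_bio = NULL;

    if (!pkcs7_pem || !pkey_bio) {
        fprintf(stderr, "Error: missing PKCS#7 input or private key BIO\n");
        return NULL;
    }

    // Register algorithms and error strings before any parsing so that key
    // decoding and error reporting do not depend on earlier initialisation.
    SSLeay_add_all_algorithms();
    ERR_load_crypto_strings();

    if (BIO_eof(pkey_bio)) {
        BIO_reset(pkey_bio);
    }

    // NULL callback and userdata: for an encrypted key OpenSSL falls back to
    // its default passphrase callback, which prompts on the terminal.
    pkey = PEM_read_bio_PrivateKey(pkey_bio, NULL, NULL, NULL);
    if (!pkey) {
        fprintf(stderr, "Error constructing pkey from pkey_bio\n");
        ERR_print_errors_fp(stderr);
        goto cleanup;
    }

    // NOTE(review): make_PEM() is defined outside this function; whether it
    // allocates a new buffer that must be freed here is not visible — confirm.
    pkcs7_pem = make_PEM(pkcs7_pem);
    if (!pkcs7_pem) {
        fprintf(stderr, "Error: make_PEM returned NULL\n");
        goto cleanup;
    }

    // BIO_new_mem_buf() does not copy: pkcs7_pem must stay valid until the BIO is freed.
    pkcs7_pem_bio = BIO_new_mem_buf((void *)pkcs7_pem, (int)strlen(pkcs7_pem));
    if (!pkcs7_pem_bio) {
        fprintf(stderr, "Error:\n");
        ERR_print_errors_fp(stderr);
        goto cleanup;
    }

    pkcs7 = PEM_read_bio_PKCS7(pkcs7_pem_bio, NULL, NULL, NULL);
    if (!pkcs7) {
        fprintf(stderr, "Error:\n");
        ERR_print_errors_fp(stderr);
        goto cleanup;
    }

    // d.sign is only the active union member for signedData; reading it for
    // any other content type would interpret unrelated memory.
    if (!PKCS7_type_is_signed(pkcs7) || !pkcs7->d.sign) {
        fprintf(stderr, "Error: PKCS#7 input is not a signedData structure\n");
        goto cleanup;
    }

    pk7_certs = pkcs7->d.sign->cert;
    if (!pk7_certs || sk_X509_num(pk7_certs) <= 0) {
        fprintf(stderr, "Error: PKCS#7 input contains no certificates\n");
        goto cleanup;
    }

    // the first cert is the ca root cert, the last one is the client cert
    // (both pointers are borrowed from pkcs7, which owns the certificates)
    cert = sk_X509_value(pk7_certs, sk_X509_num(pk7_certs) - 1);

    cacert = sk_X509_new_null();
    if (!cacert || !sk_X509_push(cacert, sk_X509_value(pk7_certs, 0))) {
        fprintf(stderr, "Error building CA certificate stack\n");
        ERR_print_errors_fp(stderr);
        goto cleanup;
    }

    // Fail early with a specific message when the selected certificate does
    // not belong to the private key, e.g. because the chain is ordered
    // differently than assumed above or contains a mismatched certificate.
    if (X509_check_private_key(cert, pkey) != 1) {
        fprintf(stderr, "Error: client certificate does not match the private key\n");
        ERR_print_errors_fp(stderr);
        goto cleanup;
    }

    // The zero arguments select the library defaults for the PBE algorithms
    // and iteration counts. Those defaults differ between OpenSSL releases, so
    // pass explicit values if the output has to meet a specific policy.
    pk12 = PKCS12_create(password, name, pkey, cert, cacert, 0,0,0,0,0);
    if(!pk12) {
        fprintf(stderr, "Error creating PKCS#12 structure\n");
        ERR_print_errors_fp(stderr);
        goto cleanup;
    }

    pk12_bio = BIO_new(BIO_s_mem());
    if (!pk12_bio || i2d_PKCS12_bio(pk12_bio, pk12) <= 0) {
        fprintf(stderr, "Error encoding PKCS#12 structure\n");
        ERR_print_errors_fp(stderr);
        goto cleanup;
    }

    // get the BUF_MEM from the BIO to return it
    BIO_get_mem_ptr(pk12_bio, &result);
    BIO_set_close(pk12_bio, BIO_NOCLOSE); // So BIO_free() leaves BUF_MEM alone

cleanup:
    // Every free below accepts NULL, so one exit path serves all failures.
    BIO_free(pk12_bio);
    PKCS12_free(pk12);
    sk_X509_free(cacert);   // frees the stack only; the certs belong to pkcs7
    PKCS7_free(pkcs7);
    BIO_free(pkcs7_pem_bio);
    EVP_PKEY_free(pkey);    // holds key material; do not leave it allocated

    return result;
}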

Solution

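I found the problem. I was trying to pack a private key together with a "MisMatched-Intermediate" certificate in the certificate chain. PKCS12_create() checks that the certificate matches the private key and returns NULL when it does not.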

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow