creating pkcs12 return null in c code for mac project

StackOverflow https://stackoverflow.com/questions/17060608

  •  31-05-2022
  •  | 
  •  

Pregunta

I'm using openSSL to create a pkcs12 file in a mac project. This method does not return null in my environment, but instead in the customer's environment. I'm unable to reproduce the problem in my environment.

Here is the code, what do you think ? should I install the openSSL library in the customer's environment? I'm new to this library.

thanks. 

#include "PKCS12Util.h"

BUF_MEM* createPKCS12File(char* pkcs7_pem, BIO* pkey_bio, char* password, char* name) {

    X509 *cert;
    EVP_PKEY* pkey;
    STACK_OF(X509) *cacert = sk_X509_new_null();
    PKCS12 *pk12;

    if (BIO_eof(pkey_bio)) {
        BIO_reset(pkey_bio);
    }

    pkey = PEM_read_bio_PrivateKey(pkey_bio, NULL, NULL, NULL);

    if (!pkey) {
        fprintf(stderr, "Error constructing pkey from pkey_bio\n");
    ERR_print_errors_fp(stderr);
    }

    SSLeay_add_all_algorithms();
    ERR_load_crypto_strings();

    pkcs7_pem = make_PEM(pkcs7_pem);
    BIO *pkcs7_pem_bio = BIO_new_mem_buf((void *)pkcs7_pem, (int)strlen(pkcs7_pem));
    PKCS7 *pkcs7 = PEM_read_bio_PKCS7(pkcs7_pem_bio, NULL, NULL, NULL);

    if (!pkcs7) {
        fprintf(stderr, "Error:\n");
    ERR_print_errors_fp(stderr);
    }

    STACK_OF(X509) *pk7_certs = pkcs7->d.sign->cert;

    // the first cert is the ca root cert, the last one is the client cert
    cert = sk_X509_value(pk7_certs, sk_X509_num(pk7_certs) - 1);
    sk_X509_push(cacert, sk_X509_value(pk7_certs, 0));

    pk12 = PKCS12_create(password, name, pkey, cert, cacert, 0,0,0,0,0);

    if(!pk12) {
        fprintf(stderr, "Error creating PKCS#12 structure\n");
        ERR_print_errors_fp(stderr);
        return NULL;
    }

    BIO* pk12_bio = BIO_new(BIO_s_mem());
    i2d_PKCS12_bio(pk12_bio, pk12);

    // get the BUF_MEM from the BIO to return it
    BUF_MEM *bptr;
    BIO_get_mem_ptr(pk12_bio, &bptr);
    BIO_set_close(pk12_bio, BIO_NOCLOSE); // So BIO_free() leaves BUF_MEM alone

    PKCS12_free(pk12);
    BIO_free(pkcs7_pem_bio);
    BIO_free(pk12_bio);

    return bptr;
}
¿Fue útil?

Solución

I found the problem. I was trying to compact a private key with a "MisMatched-Intermediate" certificate in the certificate chain.

Licenciado bajo: CC-BY-SA con atribución
No afiliado a StackOverflow
scroll top