
我正在使用 OpenSSL 在一个 Mac 项目中创建 PKCS#12 文件。这个方法在我的环境中不会返回 NULL，但在客户的环境中却会返回 NULL。我无法在自己的环境中重现该问题。

代码如下，你怎么看？我需要在客户的环境中安装 OpenSSL 库吗？我刚开始接触这个库。

谢谢。

#include "PKCS12Util.h"

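/**
 * Build a DER-encoded PKCS#12 container from a PKCS#7 certificate bundle and
 * a PEM private key.
 *
 * @param pkcs7_pem  PKCS#7 data; passed through make_PEM() before parsing.
 * @param pkey_bio   BIO holding the PEM private key. It is rewound first if
 *                   it is already at EOF.
 * @param password   Password protecting the resulting PKCS#12 file.
 * @param name       Friendly name stored in the PKCS#12 file.
 * @return A BUF_MEM holding the encoded PKCS#12 data, or NULL on any failure
 *         (details are printed to stderr). The caller owns the buffer and
 *         must release it with BUF_MEM_free().
 *
 * Every failure now returns NULL instead of continuing with a NULL key or a
 * NULL PKCS#7 structure (the original dereferenced pkcs7 even after reporting
 * that parsing failed), and all intermediate OpenSSL objects are released.
 */
BUF_MEM* createPKCS12File(char* pkcs7_pem, BIO* pkey_bio, char* password, char* name) {

    BUF_MEM *result = NULL;
    BUF_MEM *bptr = NULL;
    X509 *cert = NULL;
    EVP_PKEY *pkey = NULL;
    STACK_OF(X509) *cacert = NULL;
    STACK_OF(X509) *pk7_certs = NULL;
    BIO *pkcs7_pem_bio = NULL;
    BIO *pk12_bio = NULL;
    PKCS7 *pkcs7 = NULL;
    PKCS12 *pk12 = NULL;
    int cert_count;

    if (!pkcs7_pem || !pkey_bio) {
        fprintf(stderr, "Error: missing PKCS#7 data or private key BIO\n");
        return NULL;
    }

    // Register algorithms and error strings BEFORE any parsing: decrypting an
    // encrypted PEM key needs the cipher table, and readable error output
    // needs the string table.
    SSLeay_add_all_algorithms();
    ERR_load_crypto_strings();

    if (BIO_eof(pkey_bio)) {
        BIO_reset(pkey_bio);
    }

    // NOTE(review): no passphrase callback is supplied, so an encrypted key
    // falls back to OpenSSL's default callback, which prompts on the
    // terminal. Confirm that keys handed to this function are unencrypted.
    pkey = PEM_read_bio_PrivateKey(pkey_bio, NULL, NULL, NULL);
    if (!pkey) {
        fprintf(stderr, "Error constructing pkey from pkey_bio\n");
        ERR_print_errors_fp(stderr);
        goto cleanup;
    }

    // NOTE(review): whether make_PEM() returns newly allocated memory is not
    // visible here; if it does, that buffer is never freed. Confirm.
    pkcs7_pem = make_PEM(pkcs7_pem);
    if (!pkcs7_pem) {
        fprintf(stderr, "Error: make_PEM returned no data\n");
        goto cleanup;
    }

    pkcs7_pem_bio = BIO_new_mem_buf((void *)pkcs7_pem, (int)strlen(pkcs7_pem));
    if (!pkcs7_pem_bio) {
        fprintf(stderr, "Error allocating BIO for PKCS#7 data\n");
        ERR_print_errors_fp(stderr);
        goto cleanup;
    }

    pkcs7 = PEM_read_bio_PKCS7(pkcs7_pem_bio, NULL, NULL, NULL);
    if (!pkcs7) {
        fprintf(stderr, "Error:\n");
        ERR_print_errors_fp(stderr);
        goto cleanup;
    }

    // d.sign is only valid for the signedData content type; check the type
    // before touching the union.
    if (!PKCS7_type_is_signed(pkcs7) || !pkcs7->d.sign) {
        fprintf(stderr, "Error: PKCS#7 structure is not signedData\n");
        goto cleanup;
    }

    pk7_certs = pkcs7->d.sign->cert;
    cert_count = sk_X509_num(pk7_certs);   // -1 when the stack is NULL
    if (cert_count <= 0) {
        fprintf(stderr, "Error: PKCS#7 structure contains no certificates\n");
        goto cleanup;
    }

    cacert = sk_X509_new_null();
    if (!cacert) {
        fprintf(stderr, "Error allocating CA certificate stack\n");
        ERR_print_errors_fp(stderr);
        goto cleanup;
    }

    // the first cert is the ca root cert, the last one is the client cert.
    // This ordering is assumed, not verified. Certificates between the first
    // and the last (intermediates) are not added to the CA list, and with a
    // single-certificate bundle the same certificate is used for both roles.
    cert = sk_X509_value(pk7_certs, cert_count - 1);
    if (!cert || !sk_X509_push(cacert, sk_X509_value(pk7_certs, 0))) {
        fprintf(stderr, "Error collecting certificates from PKCS#7 structure\n");
        ERR_print_errors_fp(stderr);
        goto cleanup;
    }

    // PKCS12_create() checks that pkey matches cert and returns NULL if it
    // does not, so a bundle whose last certificate is not the one issued for
    // this key fails here.
    // The zero arguments select library defaults for the PBE algorithms and
    // iteration counts. Those defaults depend on the linked OpenSSL version;
    // older releases encrypt the certificate bags with 40-bit RC2. Pass
    // explicit NIDs if a specific strength is required.
    pk12 = PKCS12_create(password, name, pkey, cert, cacert, 0, 0, 0, 0, 0);
    if (!pk12) {
        fprintf(stderr, "Error creating PKCS#12 structure\n");
        ERR_print_errors_fp(stderr);
        goto cleanup;
    }

    pk12_bio = BIO_new(BIO_s_mem());
    if (!pk12_bio) {
        fprintf(stderr, "Error allocating BIO for PKCS#12 output\n");
        ERR_print_errors_fp(stderr);
        goto cleanup;
    }

    if (i2d_PKCS12_bio(pk12_bio, pk12) <= 0) {
        fprintf(stderr, "Error encoding PKCS#12 structure\n");
        ERR_print_errors_fp(stderr);
        goto cleanup;
    }

    // get the BUF_MEM from the BIO to return it
    BIO_get_mem_ptr(pk12_bio, &bptr);
    if (bptr) {
        BIO_set_close(pk12_bio, BIO_NOCLOSE); // So BIO_free() leaves BUF_MEM alone
        result = bptr;
    }

cleanup:
    // On failure paths pk12_bio still has its default close flag, so
    // BIO_free() also releases the partially written BUF_MEM.
    BIO_free(pk12_bio);
    PKCS12_free(pk12);
    // The stack only borrows certificates owned by pkcs7: free the stack
    // itself, not its elements, and free pkcs7 afterwards.
    sk_X509_free(cacert);
    PKCS7_free(pkcs7);
    BIO_free(pkcs7_pem_bio);
    EVP_PKEY_free(pkey);

    return result;
}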

1 回答 1


我找到问题了：我当时试图把私钥与一条包含不匹配的中间证书（“MisMatched-Intermediate”）的证书链打包在一起。

于 2013-06-14T18:29:55.883 回答