On Wed, Nov 02, 2016, Richard Stanek wrote:

> My original requirements were to extract the user certificate, the
> private key, and the CAs. For that I was using the call to
> PKCS12_parse(...). This satisfied the original requirements. Very
> easy to find, understand, and use.
>
> The new requirements that I have are that I also need to extract a CRL
> from that PKCS12. I see that there is a CRLBag defined in the IETF
> RFC 7292 PKCS12 Standard (https://tools.ietf.org/html/rfc7292), so I
> know a CRL could exist inside a PKCS12. I can't seem to find any API
> or C++ examples that extract a CRL from a PKCS12.
>
> Is there an API, example code, or advice on how to extract a CRL from a PKCS12?
>

I've never come across a PKCS#12 file containing a CRL before: would it be
possible to send me a sample which obviously doesn't contain any important
private keys?

To answer your question, yes it should be possible but it is messy. You need
to parse the PKCS#12 file manually (see source to PKCS12_parse). In the
function parse_bag you add an extra case for NID_crlBag and call
PKCS12_SAFEBAG_get1_crl() on the bag, you should then get back an X509_CRL
pointer or NULL on error.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users