Re: C++ : Extracting CRL from a PKCS12

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Nov 02, 2016, Richard Stanek wrote:

> My original requirements were to extract the user certificate, the
> private key, and the CAs.  For that I was using the call to
> PKCS12_parse(...).  This satisfied the original requirements.  Very
> easy to find, understand, and use.
> 
> The new requirements that I have are that I also need to extract a CRL
> from that PKCS12.  I see that there is a CRLBag defined in the IETF
> RFC 7292 PKCS12 Standard (https://tools.ietf.org/html/rfc7292), so I
> know a CRL could exist inside a PKCS12.  I can't seem to find any API
> or C++ examples that extract a CRL from a PKSC12.
> 
> Is there an API, example code, or advice on how to extract a CRL from a PKCS12?
> 

I've never come across a PKCS#12 file containig a CRL before: would it be
possible to send me a sample which obviously doesn't contain any important
private keys.

To answer your question, yes it is should be possible but it is messy. You
need to parse the PKCS#12 file manually (see source to PKCS12_parse). In
the funtion parse_bag you add an extra case for NID_crlBag and call
PKCS12_SAFEBAG_get1_crl() on the bag, you should then get back an X509_CRL
pointer or NULL on error.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux