1
我正在使用openSSL在mac项目中创建一个pkcs12文件。 此方法在我的环境中不会返回null,而是在客户环境中返回。我无法在我的环境中重现问题。创建pkcs12在c代码中为mac项目返回null
这是代码,你怎么看?我应该在客户环境中安装openSSL库吗?我对这个图书馆很陌生。
谢谢。
#include "PKCS12Util.h"
BUF_MEM* createPKCS12File(char* pkcs7_pem, BIO* pkey_bio, char* password, char* name) {
X509 *cert;
EVP_PKEY* pkey;
STACK_OF(X509) *cacert = sk_X509_new_null();
PKCS12 *pk12;
if (BIO_eof(pkey_bio)) {
BIO_reset(pkey_bio);
}
pkey = PEM_read_bio_PrivateKey(pkey_bio, NULL, NULL, NULL);
if (!pkey) {
fprintf(stderr, "Error constructing pkey from pkey_bio\n");
ERR_print_errors_fp(stderr);
}
SSLeay_add_all_algorithms();
ERR_load_crypto_strings();
pkcs7_pem = make_PEM(pkcs7_pem);
BIO *pkcs7_pem_bio = BIO_new_mem_buf((void *)pkcs7_pem, (int)strlen(pkcs7_pem));
PKCS7 *pkcs7 = PEM_read_bio_PKCS7(pkcs7_pem_bio, NULL, NULL, NULL);
if (!pkcs7) {
fprintf(stderr, "Error:\n");
ERR_print_errors_fp(stderr);
}
STACK_OF(X509) *pk7_certs = pkcs7->d.sign->cert;
// the first cert is the ca root cert, the last one is the client cert
cert = sk_X509_value(pk7_certs, sk_X509_num(pk7_certs) - 1);
sk_X509_push(cacert, sk_X509_value(pk7_certs, 0));
pk12 = PKCS12_create(password, name, pkey, cert, cacert, 0,0,0,0,0);
if(!pk12) {
fprintf(stderr, "Error creating PKCS#12 structure\n");
ERR_print_errors_fp(stderr);
return NULL;
}
BIO* pk12_bio = BIO_new(BIO_s_mem());
i2d_PKCS12_bio(pk12_bio, pk12);
// get the BUF_MEM from the BIO to return it
BUF_MEM *bptr;
BIO_get_mem_ptr(pk12_bio, &bptr);
BIO_set_close(pk12_bio, BIO_NOCLOSE); // So BIO_free() leaves BUF_MEM alone
PKCS12_free(pk12);
BIO_free(pkcs7_pem_bio);
BIO_free(pk12_bio);
return bptr;
}
我发现了这个错误。我试图在证书链中使用错误的证书压缩私钥。 – NafeJeries