Discussion:
SSL_CTX_use_PrivateKey_file
Julian Onions
2002-07-10 10:00:52 UTC
Hi,
I've been attempting to use the SSL_CTX_use_PrivateKey_file to load
in private keys for SSL/TLS usage. It states in the documentation that
"SSL_CTX_use_PrivateKey_file() adds the first private key found in file
to ctx. The formatting type of the certificate must be specified from
the known types SSL_FILETYPE_PEM, SSL_FILETYPE_ASN1."

However after some experimentation and tracing the code it seems that
actually you can only use PEM format. I was hoping that I could use P12
files for the private key. Is there something similar I can use?

Julian.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users-MCmKBN63+***@public.gmane.org
Automated List Manager majordomo-MCmKBN63+***@public.gmane.org
Lutz Jaenicke
2002-07-10 14:07:11 UTC
Post by Julian Onions
> Hi,
> I've been attempting to use the SSL_CTX_use_PrivateKey_file to load
> in private keys for SSL/TLS usage. It states in the documentation that
> "SSL_CTX_use_PrivateKey_file() adds the first private key found in file
> to ctx. The formatting type of the certificate must be specified from
> the known types SSL_FILETYPE_PEM, SSL_FILETYPE_ASN1."
> However after some experimentation and tracing the code it seems that
> actually you can only use PEM format. I was hoping that I could use P12
> files for the private key. Is there something similar I can use?

Hmm. PEM is base64 encoded ASN1(=DER).

P12 is a completely different beast. You can however use OpenSSL's PKCS12
support routines to extract the EVP_PKEY private key from it and then
enable it using SSL_CTX_use_PrivateKey().
Sorry, it seems that there is no documentation about the PKCS12_* family
of functions available at this time.

Best regards,
Lutz
--
Lutz Jaenicke Lutz.Jaenicke-XTec+feGiB/2g9D+***@public.gmane.org
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
Michael Voucko
2002-07-10 14:12:11 UTC
Post by Julian Onions
> Hi,
> I've been attempting to use the SSL_CTX_use_PrivateKey_file to load
> in private keys for SSL/TLS usage. It states in the documentation that
> "SSL_CTX_use_PrivateKey_file() adds the first private key found in file
> to ctx. The formatting type of the certificate must be specified from
> the known types SSL_FILETYPE_PEM, SSL_FILETYPE_ASN1."
> However after some experimentation and tracing the code it seems that
> actually you can only use PEM format. I was hoping that I could use P12
> files for the private key. Is there something similar I can use?
> Julian.

Sure, try something like

<<<

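#include <stdio.h>
#include <openssl/pkcs12.h>

FILE *PKCS12File;
PKCS12 *P12;
X509 *Cert = NULL;
EVP_PKEY *PrivateKey = NULL;
STACK_OF(X509) *CertChain = NULL;

/* FileUrl and Password are supplied by the caller */
PKCS12File = fopen(FileUrl, "rb");
if (!PKCS12File) {
    /* handle error ... */
}

/* Read the DER-encoded PKCS#12 structure from the file */
P12 = d2i_PKCS12_fp(PKCS12File, NULL);
fclose(PKCS12File);
if (!P12) {
    /* handle error ... */
}

/* Extract the private key, its certificate and any additional certificates */
if (!PKCS12_parse(P12, Password, &PrivateKey, &Cert, &CertChain)) {
    /* handle error ... */
}

>>>

Now all information contained in the P12 is at hand, do whatever you've
planned to do.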

Michael
--
Fillmore Labs GmbH
Michael Voucko
Triforum C2
Frankfurter Str. 233
63263 Neu-Isenburg
Germany
Phone +49 (0)6102 88478 76
Fax +49 (0)6102 88478 70
mailto:voucko-0244YT3jnxrMn+dqGv/MrAC/***@public.gmane.org

Julian Onions
2002-07-10 14:37:19 UTC
Thanks for the info on private keys and P12 files. I think the documentation
should be updated though - as really you can only pass in the SSL_FILETYPE_PEM
to the operation.

My next question - there seems to be support in the code for dealing
with CRLs - but as far as I can tell, it will only load in a CRL if
you tell it to. The default certificate validation routines will not check
for CRLs at least as far as I can see.

How do you tempt the verification routines to check for the presence of
CRLs?

Julian.