1
我正在使用openSSL在mac項目中創建一個pkcs12文件。 此方法在我的環境中不會返回null,而是在客戶環境中返回。我無法在我的環境中重現問題。創建pkcs12在c代碼中爲mac項目返回null
這是代碼,你怎麼看?我應該在客戶環境中安裝openSSL庫嗎?我對這個圖書館很陌生。
謝謝。
#include "PKCS12Util.h"
BUF_MEM* createPKCS12File(char* pkcs7_pem, BIO* pkey_bio, char* password, char* name) {
X509 *cert;
EVP_PKEY* pkey;
STACK_OF(X509) *cacert = sk_X509_new_null();
PKCS12 *pk12;
if (BIO_eof(pkey_bio)) {
BIO_reset(pkey_bio);
}
pkey = PEM_read_bio_PrivateKey(pkey_bio, NULL, NULL, NULL);
if (!pkey) {
fprintf(stderr, "Error constructing pkey from pkey_bio\n");
ERR_print_errors_fp(stderr);
}
SSLeay_add_all_algorithms();
ERR_load_crypto_strings();
pkcs7_pem = make_PEM(pkcs7_pem);
BIO *pkcs7_pem_bio = BIO_new_mem_buf((void *)pkcs7_pem, (int)strlen(pkcs7_pem));
PKCS7 *pkcs7 = PEM_read_bio_PKCS7(pkcs7_pem_bio, NULL, NULL, NULL);
if (!pkcs7) {
fprintf(stderr, "Error:\n");
ERR_print_errors_fp(stderr);
}
STACK_OF(X509) *pk7_certs = pkcs7->d.sign->cert;
// the first cert is the ca root cert, the last one is the client cert
cert = sk_X509_value(pk7_certs, sk_X509_num(pk7_certs) - 1);
sk_X509_push(cacert, sk_X509_value(pk7_certs, 0));
pk12 = PKCS12_create(password, name, pkey, cert, cacert, 0,0,0,0,0);
if(!pk12) {
fprintf(stderr, "Error creating PKCS#12 structure\n");
ERR_print_errors_fp(stderr);
return NULL;
}
BIO* pk12_bio = BIO_new(BIO_s_mem());
i2d_PKCS12_bio(pk12_bio, pk12);
// get the BUF_MEM from the BIO to return it
BUF_MEM *bptr;
BIO_get_mem_ptr(pk12_bio, &bptr);
BIO_set_close(pk12_bio, BIO_NOCLOSE); // So BIO_free() leaves BUF_MEM alone
PKCS12_free(pk12);
BIO_free(pkcs7_pem_bio);
BIO_free(pk12_bio);
return bptr;
}
我發現了這個錯誤。我試圖在證書鏈中使用錯誤的證書壓縮私鑰。 – NafeJeries