145 lines
4.2 KiB
Groff
145 lines
4.2 KiB
Groff
.\" $OpenBSD: PKCS12_parse.3,v 1.7 2021/07/09 12:07:27 schwarze Exp $
|
|
.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
|
|
.\"
|
|
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
|
|
.\" Copyright (c) 2002, 2009 The OpenSSL Project. All rights reserved.
|
|
.\"
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
.\" modification, are permitted provided that the following conditions
|
|
.\" are met:
|
|
.\"
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
.\"
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer in
|
|
.\" the documentation and/or other materials provided with the
|
|
.\" distribution.
|
|
.\"
|
|
.\" 3. All advertising materials mentioning features or use of this
|
|
.\" software must display the following acknowledgment:
|
|
.\" "This product includes software developed by the OpenSSL Project
|
|
.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
|
.\"
|
|
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
|
.\" endorse or promote products derived from this software without
|
|
.\" prior written permission. For written permission, please contact
|
|
.\" openssl-core@openssl.org.
|
|
.\"
|
|
.\" 5. Products derived from this software may not be called "OpenSSL"
|
|
.\" nor may "OpenSSL" appear in their names without prior written
|
|
.\" permission of the OpenSSL Project.
|
|
.\"
|
|
.\" 6. Redistributions of any form whatsoever must retain the following
|
|
.\" acknowledgment:
|
|
.\" "This product includes software developed by the OpenSSL Project
|
|
.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
|
.\"
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
|
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
|
.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
|
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
|
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
|
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
|
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
|
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
.\"
|
|
.Dd $Mdocdate: July 9 2021 $
|
|
.Dt PKCS12_PARSE 3
|
|
.Os
|
|
.Sh NAME
|
|
.Nm PKCS12_parse
|
|
.Nd parse a PKCS#12 structure
|
|
.Sh SYNOPSIS
|
|
.In openssl/pkcs12.h
|
|
.Ft int
|
|
.Fo PKCS12_parse
|
|
.Fa "PKCS12 *p12"
|
|
.Fa "const char *pass"
|
|
.Fa "EVP_PKEY **pkey"
|
|
.Fa "X509 **cert"
|
|
.Fa "STACK_OF(X509) **ca"
|
|
.Fc
|
|
.Sh DESCRIPTION
|
|
.Fn PKCS12_parse
|
|
parses a PKCS12 structure.
|
|
.Pp
|
|
.Fa p12
|
|
is the
|
|
.Vt PKCS12
|
|
structure to parse.
|
|
.Fa pass
|
|
is the passphrase to use.
|
|
If successful, the private key will be written to
|
|
.Pf * Fa pkey ,
|
|
the corresponding certificate to
|
|
.Pf * Fa cert ,
|
|
and any additional certificates to
|
|
.Pf * Fa ca .
|
|
.Pp
|
|
The parameters
|
|
.Fa pkey
|
|
and
|
|
.Fa cert
|
|
cannot be
|
|
.Dv NULL .
|
|
.Fa ca
|
|
can be
|
|
.Dv NULL ,
|
|
in which case additional certificates will be discarded.
|
|
.Pf * Fa ca
|
|
can also be a valid STACK, in which case additional certificates are
|
|
appended to
|
|
.Pf * Fa ca .
|
|
If
|
|
.Pf * Fa ca
|
|
is
|
|
.Dv NULL ,
|
|
a new STACK will be allocated.
|
|
.Pp
|
|
The
|
|
.Sy friendlyName
|
|
and
|
|
.Sy localKeyID
|
|
attributes (if present) of each certificate will be stored in the
|
|
.Fa alias
|
|
and
|
|
.Fa keyid
|
|
attributes of the
|
|
.Vt X509
|
|
structure.
|
|
.Sh RETURN VALUES
|
|
.Fn PKCS12_parse
|
|
returns 1 for success and 0 if an error occurred.
|
|
.Pp
|
|
The error can be obtained from
|
|
.Xr ERR_get_error 3 .
|
|
.Sh SEE ALSO
|
|
.Xr d2i_PKCS12 3 ,
|
|
.Xr PKCS12_create 3 ,
|
|
.Xr PKCS12_new 3 ,
|
|
.Xr X509_keyid_set1 3
|
|
.Sh HISTORY
|
|
.Fn PKCS12_parse
|
|
first appeared in OpenSSL 0.9.3 and has been available since
|
|
.Ox 2.6 .
|
|
.Sh BUGS
|
|
Only a single private key and corresponding certificate is returned by
|
|
this function.
|
|
More complex PKCS#12 files with multiple private keys will only return
|
|
the first match.
|
|
.Pp
|
|
Only
|
|
.Sy friendlyName
|
|
and
|
|
.Sy localKeyID
|
|
attributes are currently stored in certificates.
|
|
Other attributes are discarded.
|
|
.Pp
|
|
Attributes currently cannot be stored in the private key
|
|
.Vt EVP_PKEY
|
|
structure.
|