Re: Bag Attributes Ignored
On Thu, Jun 26, 2008, Hacker SF wrote:
> Hello to all,
> I've been trying to add bag attributes to a PKCS12 certificate using openssl pkcs12 command (eg, openssl pkcs12 -export -in cert1.pem -CSP "..." -LMK -out cert1.p12).
> All my attempts were unsuccessful. I've got openssl 0.9.8e patched and no errors during compiling/building (using mingw).
> This is the patch I've applied:
> I've updated obj_dat.h and related files.
> Everything is fine here.
> Then, I generate a PKCS12 file. No problems here.
> However, when I type in the following command:
> openssl pkcs12 -in cert1.p12 -info
> only CSP name bag attribute is shown. No LocalKeySet bag attribute. It's like it's being ignored by OpenSSL. I try to generate an PEAP certificate.
> If anyone can help me out here I'd be very much grateful.
> I look forward to hearing from you soon.
The patch is incomplete. Some additional code is needed in PKCS12_create() to
handle this attribute correctly.
Does anyone have any documentation or samples PKCS#12 files (not important
private keys!) that include this attribute? If so I'll look into adding
support in future OpenSSL releases. What I've seen suggests the patch doesn't
quite match the MS version.
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
OpenSSL Project [url]http://www.openssl.org[/url]
User Support Mailing List [email]email@example.com[/email]
Automated List Manager [email]firstname.lastname@example.org[/email]