Problem with PKCS12 and SSL_CTX_add_extra_chain_cert
I'm having some problem with the SSL_CTX_add_extra_chain_cert function
related with the use with pkcs12 certificate file.
Here's the situation:
I want to add to the verification tree of the CA certs the certs stored in
the pkcs12 file, but I get some problem using the function above.
If i previously extract the certs from the PKCS12 file and store them on the
disk then i can use the SSL_CTX_load_verify_location and pass to it the file
name or the file path: everything works well if I act this way. The CA
certs verification succeeds and then I can go on building up a connection.
Now the problem is that I don't want to extract the certs from the pkcs12
and store them on the disk. I parse the p12 file and get a STACK_OF(X509)
with the CA certs. I call sk_x509_pop and then add the CA certs one by one
to the verification tree manually with SSL_CTX_add_extra_chain_cert, which
doesn't return any error.
However when I run the application it crashes with a fatal and actually I
can't yet understand the reason.
I've also tried to call SSL_CTX_set_mode(ctx, SSL_MODE_NO_AUTO_CHAIN) to
avoid the automatically costruction of chains but the situation deosn't
change at all.
I'm using OpenSSL 0.9.8g.
Does anyone know why I'm getting with problem?
Thanks anyone for every suggestion.