STACK_OF(X509) *ssl_read_pkcs7(server_rec *s, const char *pkcs7)
{
PKCS7 *p7;
STACK_OF(X509) *certs = NULL;
FILE *f;
f = fopen(pkcs7, "r");
if (!f) {
ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02212) "Can't open %s", pkcs7);
ssl_die(s);
}
p7 = PEM_read_PKCS7(f, NULL, NULL, NULL);
if (!p7) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(02274)
"Can't read PKCS7 object %s", pkcs7);
ssl_log_ssl_error(SSLLOG_MARK, APLOG_CRIT, s);
exit(1);
}
switch (OBJ_obj2nid(p7->type)) {
case NID_pkcs7_signed:
certs = p7->d.sign->cert;
p7->d.sign->cert = NULL;
PKCS7_free(p7);
break;
case NID_pkcs7_signedAndEnveloped:
certs = p7->d.signed_and_enveloped->cert;
p7->d.signed_and_enveloped->cert = NULL;
PKCS7_free(p7);
break;
default:
ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02213)
"Don't understand PKCS7 file %s", pkcs7);
ssl_die(s);
}
if (!certs) {
ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02214)
"No certificates in %s", pkcs7);
ssl_die(s);
}
fclose(f);
return certs;
}
void pki_pkcs7::fload(const QString fname)
{
PKCS7 *_p7;
XFile file(fname);
file.open_read();
_p7 = PEM_read_PKCS7(file.fp(), NULL, NULL, NULL);
if (!_p7) {
ign_openssl_error();
file.retry_read();
_p7 = d2i_PKCS7_fp(file.fp(), NULL);
}
if (ign_openssl_error()) {
if (_p7)
PKCS7_free(_p7);
throw errorEx(tr("Unable to load the PKCS#7 file %1. Tried PEM and DER format.").arg(fname));
}
if (p7)
PKCS7_free(p7);
p7 = _p7;
}
