[xmlsec] X509 aux data with OpenSSL engine

Jesse Pelton jsp at PKC.com
Fri May 2 11:12:47 PDT 2003


I'd like to be able to get at certain X509 auxiliary data (such as the
alias) after calling xmlSecOpenSSLAppPkcs12Load().  The function uses
X509_dup() to clone each certificate in the chain (as well as the key cert),
but X509_dup() does not copy auxiliary data.  As a result, by the time
xmlSecOpenSSLAppPkcs12Load() returns, the auxiliary data is lost.

I think there are a couple of options:

1) I could load the PKCS12 file using OpenSSL calls after
xmlSecOpenSSLAppPkcs12Load() returns and clone whatever data I want.
2) xmlSecOpenSSLAppPkcs12Load() could be modified so that the original key
certificate is adopted, rather than a copy.  I think this means pushing a
copy of the original certificate on the chain when PKCS12_parse() returns,
rather than the original.

The latter seems preferable, but I'm not sure it's feasible.


