
Until now, we have been using a .pem file and we are able to establish an SSL connection (just for reference, the code is below):

```cpp
ASSERT(true == ::SSL_CTX_use_certificate_file(
         m_Attribute.m_pContext, certificateFileName.c_str(), SSL_FILETYPE_PEM),
       "Unable to use certificate file.");

ASSERT(true == ::SSL_CTX_use_PrivateKey_file(
         m_Attribute.m_pContext, certificateFileName.c_str(), SSL_FILETYPE_PEM),
       "Unable to load private key file.");

::SSL_CTX_set_options(m_Attribute.m_pContext, g_SSLChoice[version].m_Negotiation);

// ... some more relevant code

ASSERT(true == ::SSL_set_tlsext_host_name(m_pSSL, hostName.c_str()),
       "Cannot enable server name indication for " + hostName);

{
  int result = ::SSL_connect(m_pSSL);
  ASSERT(result == 1, "Cannot build an SSL connection, error = " +
      Util::Convert::to_string(::SSL_get_error(m_pSSL, result)));
}
```

However, now the requirement has changed and we have to use a .pfx file. In OpenSSL, I couldn't find an option/function for using the same.

I have searched many threads on SO and various forums, like:

  • Converting .PFX to .PEM programatically?
  • Convert a .PEM certificate to .PFX programmatically using OpenSSL
  • Converting pfx to pem using openssl

... and a few others.

But I couldn't find a way to convert .pfx to .pem programmatically in C/C++ on Linux.
Is there any readily available OpenSSL API which supports this? (e.g. for .pem we have a constant `SSL_FILETYPE_PEM`)

iammilind

1 Answer


There's no way to use conversions with standard C99/ANSI libs. You can alternatively try to use system() or popen() to call a sys function, like OpenSSL.

```
$ openssl pkcs12 -in cert.pfx -out cert.pem
```

rfermi
  • I found [this Windows based program](https://github.com/michaelmotes/PKCS12toPEM/blob/master/PKCS12toPEM/PKCS12toPEM.cpp) in one of the above links. What is your view on that? (Also [this link](http://stackoverflow.com/questions/3549459/extracting-client-certificate-private-key-from-p12-file)). – iammilind Nov 17 '14 at 14:19
  • I think using the openssl API can be an alternative. Anyway, if you don't want to use it statically linked, you can optionally go for dynamic links. Am I being helpful? – rfermi Nov 17 '14 at 14:24
  • Actually this issue is on a mobile platform, for changing the .pfx file now and then. I hope that the `system()` command would work across all the mobile and desktop platforms. Which OpenSSL API are you referring to, is it a function? – iammilind Nov 17 '14 at 14:30
  • You can only use 1 single compilation across platforms? I mean, if you use compilation directives, you can avoid incompatibilities, like using -DANDROID or something like that (if using gcc) to choose what openssl call to use, depending on what OS you are running. – rfermi Nov 17 '14 at 14:32
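
The `openssl pkcs12` conversion from the answer above, wrapped for unattended use, as an added example that is not part of the original answer or comments: it passes the import password through the environment, writes the key with owner-only permissions, and rejects the output unless the key matches the certificate. The function name `pfx_to_pem`, the `PFX_PASS` variable and the output file names `cert.pem` and `key.pem` are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example. pfx_to_pem, PFX_PASS, cert.pem and key.pem are hypothetical names.
#
# Usage: PFX_PASS=... pfx_to_pem bundle.pfx out_dir
# The import password is read from the environment (-passin env:), so it
# is not placed on the openssl command line or typed into shell history.
pfx_to_pem() {
    pfx=$1
    out=$2
    [ -r "$pfx" ] || { echo "cannot read $pfx" >&2; return 2; }
    [ -n "${PFX_PASS+set}" ] || { echo "PFX_PASS is not set" >&2; return 2; }
    export PFX_PASS
    (
        umask 077    # files created below are readable by the owner only
        mkdir -p "$out" || exit 2
        # Client/leaf certificate only, without the private key.
        openssl pkcs12 -in "$pfx" -passin env:PFX_PASS \
            -clcerts -nokeys -out "$out/cert.pem" 2>/dev/null || exit 3
        # Private key only; -nodes writes it unencrypted so it can be
        # loaded without a passphrase prompt.
        openssl pkcs12 -in "$pfx" -passin env:PFX_PASS \
            -nocerts -nodes -out "$out/key.pem" 2>/dev/null || exit 3
        # Accept the result only if the key belongs to the certificate.
        cert_pub=$(openssl x509 -in "$out/cert.pem" -noout -pubkey) || exit 4
        key_pub=$(openssl pkey -in "$out/key.pem" -pubout) || exit 4
        [ "$cert_pub" = "$key_pub" ] || exit 4
    ) || {
        rc=$?
        rm -f "$out/cert.pem" "$out/key.pem"   # leave no partial key material
        return "$rc"
    }
}
```

The resulting `cert.pem` and `key.pem` can be passed to `SSL_CTX_use_certificate_file` and `SSL_CTX_use_PrivateKey_file` with `SSL_FILETYPE_PEM`, as in the question's code.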