Extracting client certificate & private key from .p12 file

Can anybody tell me how to use

PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12)开发者_开发技巧; 

int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca); 

any documenatation reference will also work.

Without error-checking:

FILE *p12_file;
PKCS12 *p12_cert = NULL;
EVP_PKEY *pkey;
X509 *x509_cert;
STACK_OF(X509) *additional_certs = NULL;

p12_file = fopen("foo.p12", "rb");
d2i_PKCS12_fp(p12_file, &p12_cert);
fclose(p12_file);

PKCS12_parse(p12_cert, "password", &pkey, &x509_cert, &additional_certs);

The private key is now in pkey, the certificate in x509_cert and any additional certificates in additional_certs.

• Here is openssl's page for parse: PKCS12_parse.html
• Here is Apple's link to using openssl libs: see PKCS#12, Section 2: I/O

From Apple's site, here are the descriptions:

int PKCS12_parse(PKCS12 *p12, char *pass, EVP_PKEY **pkey, X509 **cert,
                             STACK **ca);

This function takes a PKCS12 structure and a password (ASCII, null terminated) and returns the private key, the corresponding certificate and any CA certificates. If any of these is not required it can be passed as a NULL. The 'ca' parameter should be either NULL, a pointer to NULL or a valid STACK structure. Typically to read in a PKCS#12 file you might do:

p12 = d2i_PKCS12_fp(fp, NULL);
PKCS12_parse(p12, password, &pkey, &cert, NULL);    /* CAs not wanted */
PKCS12_free(p12);