egroups 2 Posted November 28, 2019 Hi, I need get Expiration Date from certificate. I tryed this code with libeay32: function TSOpenSSL.CertificatePKCS12Expirate(const pFileName, pPassword: string): TDateTime; var buffer: Array [0..1023] of char; ca: pSTACK_OFX509; certfile: pBIO; lTime: pASN1_TIME; p12: pPKCS12; pCertificate: pX509; pkey: pEVP_PKEY; begin certfile:=BIO_new(BIO_s_file()); if (certfile = nil) then raise Exception.Create('Error creating BIO.'); BIO_read_filename(certfile, PAnsiChar(UTF8Encode(pFileName))); p12:=d2i_PKCS12_bio(certfile, nil); PKCS12_parse(p12, PAnsiChar(pPassword), pkey, pCertificate, ca); //here is allways pCertificate=nil PKCS12_free(p12); p12:=nil; BIO_free(certfile); if (pCertificate = nil) then raise Exception.Create('Unable to read certificate from file ' + pFileName + '.'); lTime:=pCertificate.cert_info.validity.notAfter; end; I wrote in comment where pCertificate is allways nil and I cannot of course read any data from this. Why? Password I have correct.I tryed this on some certificate files. Share this post Link to post
Angus Robertson 574 Posted November 28, 2019 Not much error handling for opening the file, it might not exist or be protected, or whether you read it correctly, I set all the output parameters for PKCS12_parse to nil before calling it, unless this is a very old Delphi your password is not AnsiString, just a few things to try, OpenSSL error handling might give you some ideas. Your last line does not work with any newer versions of OpenSSL, and 1.0.2 is out of support in four weeks. ICS has a TX509 certificate class that does all this for you, including getting all certificate fields, and another that renews it automatically before expiry. You can use these with internet libraries. Angus Share this post Link to post
egroups 2 Posted November 29, 2019 16 hours ago, Angus Robertson said: Not much error handling for opening the file, it might not exist or be protected, or whether you read it correctly, I set all the output parameters for PKCS12_parse to nil before calling it, unless this is a very old Delphi your password is not AnsiString, just a few things to try, OpenSSL error handling might give you some ideas. Your last line does not work with any newer versions of OpenSSL, and 1.0.2 is out of support in four weeks. ICS has a TX509 certificate class that does all this for you, including getting all certificate fields, and another that renews it automatically before expiry. You can use these with internet libraries. Angus Thanks for your answer.I tried ICS and now working for me. Share this post Link to post
![Delphi-PRAXiS [en]](https://en.delphipraxis.net/uploads/monthly_2018_12/logo.png.be76d93fcd709295cb24de51900e5888.png){kind=logo}
