1

It seems most examples of creating a p12 programmatically use OpenSSL. What other options are there?

I've found WolfSSL, and Chillkat (https://www.example-code.com/objc/pfx_create_from_pem_files.asp)

Any others?

What about sample code for creating the p12 without any 3rd party libraries?

William GP
  • 1,252
  • 1
  • 14
  • 29
  • 2
    What are your requirements as to not use OpenSSL? The problem is that the .p12 files which build on the PKCS #12 standard is quite complex if you really want to support it (fx see specification https://tools.ietf.org/html/rfc7292 ), so I wouldn't hesitate to use a trusted 3rd party. – hlynbech Apr 30 '19 at 19:41
  • @hlynbech raises red flags when its in the binary – William GP May 03 '19 at 22:00
  • Which red flags? If you mean the Apple review process then _any_ ssl library you link into the binary or use in any way will require you to state so on the App Store and in US export registration. – hlynbech May 05 '19 at 08:27
  • @hlynbech There's been vulnerabilities in OpenSSL before (notably Heartbleed), external customers don't really like to see it in the binary. Would prefer to not use it. – William GP May 06 '19 at 17:37
  • Security is not easy, and the other two SSL implementations you mention also have vulnerabilities, if you google it. Just because OpenSSL has had more _known_ vulnerabilities, it is more likely because it is under much much larger scrutiny and much more heavily tested than any other package because it is so widely used. It does not imply that the other packages are less vulnerable, in fact the opposite is most likely true. Also, if you are just looking to create p12-files, what types of vulnerabilities are you actually worried about? – hlynbech May 07 '19 at 22:05

0 Answers0