Description
`x509_parser::parse_x509_certificate()` fails with `Der(InvalidTag)` when called with the contents of a .p12 file. I'm still just learning about the low-level details of certificates, but my understanding is PKCS#12 is DER-encoded, so this was surprising. My assumption right now is that this is not expecting a PKCS#12 container but just the certificate itself (and I have a suspicion that it's primarily just used to decode the data from within a PEM), and of course that it doesn't handle any sort of encryption.
First off, I would love for this to be noted in the documentation. I've been told many times that a .p12 is a DER-encoded file containing a certificate, so it's only natural to look at `x509_parser::parse_x509_certificate()`, see that it parses a DER-encoded certificate, and believe that it applies here.
Secondly, is there any reasonable solution here? Could x509-parser learn to handle PKCS#12 files (including the password), or is there some recommended alternative approach for handling these and extracting the certificate data from them? I would really prefer not to pull in openssl just to decode a PKCS#12 archive into a certificate, then encode that certificate into DER, just so x509-parser can then decode it again.
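
An added example, not part of the original report and not x509-parser code: both formats are DER `SEQUENCE`s, but a PKCS#12 `PFX` (RFC 7292) begins with an `INTEGER` version of 3, while a certificate (RFC 5280) begins with the `tbsCertificate` `SEQUENCE`, so a pre-check on the first inner tag can route the input before parsing. The names `Container`, `der_header` and `sniff` are hypothetical, and the sample bytes are constructed.

```rust
// Added example (not x509-parser code): classify a buffer by its outer DER shape.
#[derive(Debug, PartialEq)]
pub enum Container {
    CertificateLike, // SEQUENCE { SEQUENCE tbsCertificate, ... } (RFC 5280)
    Pkcs12Pfx,       // SEQUENCE { INTEGER version = 3, ContentInfo, ... } (RFC 7292)
    Pem,             // text armor; base64-decode the body first
    Unknown,
}

/// Read one DER header: returns (tag, content length, header length).
fn der_header(buf: &[u8]) -> Option<(u8, usize, usize)> {
    let (tag, first) = (*buf.first()?, *buf.get(1)?);
    if first < 0x80 {
        return Some((tag, first as usize, 2)); // short-form length
    }
    let n = (first & 0x7f) as usize; // long form: n length octets follow
    if n == 0 || n > 4 {
        return None; // indefinite length is not DER; cap the size we accept
    }
    let len = buf.get(2..2 + n)?.iter().fold(0usize, |acc, b| (acc << 8) | *b as usize);
    Some((tag, len, 2 + n))
}

/// Heuristic sniff: looks only at the outer SEQUENCE and its first element.
pub fn sniff(buf: &[u8]) -> Container {
    if buf.starts_with(b"-----BEGIN") {
        return Container::Pem;
    }
    let body = match der_header(buf) {
        Some((0x30, len, hdr)) => match hdr.checked_add(len).and_then(|end| buf.get(hdr..end)) {
            Some(b) => b,
            None => return Container::Unknown, // truncated input
        },
        _ => return Container::Unknown,
    };
    match der_header(body) {
        Some((0x30, _, _)) => Container::CertificateLike,
        Some((0x02, 1, 2)) if body.get(2) == Some(&3) => Container::Pkcs12Pfx,
        _ => Container::Unknown,
    }
}

// Constructed minimal byte strings, not real certificates or archives.
pub const CERT_LIKE: &[u8] = &[0x30, 0x04, 0x30, 0x02, 0x05, 0x00];
pub const PFX_LIKE: &[u8] = &[0x30, 0x05, 0x02, 0x01, 0x03, 0x30, 0x00];

fn main() {
    println!("{:?} {:?}", sniff(CERT_LIKE), sniff(PFX_LIKE));
}
```

`CertificateLike` only means the buffer has the outer shape of a certificate; other DER structures share that shape, so the result is a routing hint rather than validation.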