Massimiliano Pala wrote:
>
> Hi all,
>
> I am trying to modify a request DN and save it into an
> alternate file/output.
>
> I have succeeded in generating a new DN from a string and
> I get no error when using:
>
> if(!X509_REQ_set_subject_name ( req, n ))
>     return(0);
>
> where the req is the loaded request and n is the X509_NAME
> generated structure.
>
> The new subject name is displayed correctly when using the:
>
> if( verbose )
> {
>     print_name(bio_err, "new subject=",
>         X509_REQ_get_subject_name(req), nmflag);
> }
>
> But when sending it out I get the old DN:
>
> i=PEM_write_bio_X509_REQ(out,req);
>
> Why ??? I am patching the req.c file, but I am stuck with this
> problem. Can someone help ???
>
The X509_REQ ASN1 routines cache the signed portion of a request to
avoid possible signature errors with invalid encodings. Normally a
request will not be modified after it has been signed or received so
this doesn't matter. However in your case you are changing it so the
cached version is no longer valid. So you should set
req->req_info->enc.modified to 1.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]