As a recap:
>I've been trying to generate CSRs using openSSL, without much success.
>Working from req.c as a guide, I've been able to construct a CSR, sign it,
>and verify
>it. I then Base-64 encode it and save it in a suitable PKCS#10 format.
>Sounds easy, right? It is, except that whenever I try to use the CSR on
>Thawte's test certificate generator, it tells me that "the CSR is not
>self-signed".
What I've discovered is that OpenSSL doesn't seem to convert X509_REQ to
and from DER/Internal properly. For example, if I create an X509_REQ and
sign it, it verifies just dandy. But if I use i2d_X509_REQ and
d2i_X509_REQ, I don't get back a valid request - I just get NULL.

    X509_REQ *req;
    unsigned char buff[2048], *temp ;
    long count, len ;

    // at this point, I've already created the request.
    // verification passes with flying colors
    count = X509_REQ_verify(req, key);
    printf("verification yields %ld\n", (long)count);

    // convert to DER
    temp = buff ;
    len = i2d_X509_REQ(req, &temp);

    // now convert from DER to internal
    temp = buff ;
    req = d2i_X509_REQ(NULL, &temp, len); // returns NULL !
    count = X509_REQ_verify(req, key); // returns -1 (of course)
    printf("verification yields %ld\n", (long)count);

Am I going crazy, or is there a bug in i2d_X509_REQ?
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
CJ Holmes
StarNine
Director of Development

"The Macintosh uses an experimental pointing device called a 'mouse.'
There is no evidence that people want to use these things."
(John C. Dvorak, SF Examiner, Feb. 1984.)
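
Added example, not part of the original message and not OpenSSL code: a stand-alone C check that a DER buffer has the top-level shape of a PKCS#10 CertificationRequest (an outer SEQUENCE holding the request info, the signature algorithm and the signature BIT STRING) and that the length reported by the encoder matches the encoded length. The function names and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

enum { CSR_OK, CSR_BAD_OUTER, CSR_LEN_MISMATCH, CSR_BAD_INFO, CSR_BAD_ALG, CSR_BAD_SIG };

/* Parse one DER header with the expected tag at p (n bytes left).
 * Returns the header size and stores the content length, or 0 if malformed. */
static size_t der_header(const unsigned char *p, size_t n, unsigned char tag, size_t *clen)
{
    size_t nb, i, len = 0;
    if (n < 2 || p[0] != tag) return 0;
    if (p[1] < 0x80) { *clen = p[1]; return 2; }       /* short form */
    nb = p[1] & 0x7f;                                   /* long form: nb length bytes */
    if (nb == 0 || nb > sizeof(size_t) || n < 2 + nb) return 0;
    for (i = 0; i < nb; i++) len = (len << 8) | p[2 + i];
    if (len < 0x80 || p[2] == 0) return 0;              /* DER requires minimal length */
    *clen = len;
    return 2 + nb;
}

/* Step over one element with the given tag; returns 0 if it does not fit. */
static int skip(const unsigned char *der, size_t len, size_t *off, unsigned char tag)
{
    size_t c, h = der_header(der + *off, len - *off, tag, &c);
    if (!h || c > len - *off - h) return 0;
    *off += h + c;
    return 1;
}

/* len is the byte count reported by the encoder (e.g. by i2d_X509_REQ). */
int csr_der_shape(const unsigned char *der, size_t len)
{
    size_t c, off = der_header(der, len, 0x30, &c);         /* outer SEQUENCE */
    if (!off) return CSR_BAD_OUTER;
    if (c != len - off) return CSR_LEN_MISMATCH;            /* truncated or trailing bytes */
    if (!skip(der, len, &off, 0x30)) return CSR_BAD_INFO;   /* certificationRequestInfo */
    if (!skip(der, len, &off, 0x30)) return CSR_BAD_ALG;    /* signatureAlgorithm */
    if (!skip(der, len, &off, 0x03) || off != len) return CSR_BAD_SIG; /* signature */
    return CSR_OK;
}

/* Constructed sample: same top-level shape as a CSR, dummy contents. */
static const unsigned char sample_csr[] = { 0x30,0x0D, 0x30,0x03,0x02,0x01,0x00,
    0x30,0x02,0x05,0x00, 0x03,0x02,0x00,0xFF };

int main(void)
{
    printf("shape check: %d\n", csr_der_shape(sample_csr, sizeof sample_csr));
    return 0;
}
```

Running it on the buffer and length produced by the encoder, before decoding, separates an encoding or length problem from a parsing one.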