Eytan Segal wrote:
>
> Thanks, but not good enough :-(.
> I'm after the code for performing this in one stroke (and with reasonable
> efficiency) - without running openssl exe and manipulating files.
>
Well in outline ....

Read the certificate into an X509 structure.
Extract the DN into an X509_NAME structure using X509_get_subject_name().
Create a certificate request (X509_REQ) structure using X509_REQ_new().
Set the version using X509_REQ_set_version().
Set the request subject name using X509_REQ_set_subject_name().
Set the new public key using X509_REQ_set_pubkey().
Sign the request using X509_REQ_sign().

You can also optionally copy the extensions across before you sign it.

Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]