Hi all.
I've made a function, which takes as params an x509 certificate request, the ca's private key, and certificate, and makes a signed certificate.
First I convert the x509_req structure to x509 with X509_REQ_to_X509, and after that I sign the certificate, set the extensions, etc., and finally clean up the memory.
The problem is the following. When my function is invoked a second time, the program crashes at the call to X509_REQ_to_X509.
Does X509_REQ_to_X509 have some bugs?
Here is the code:
X509 *sign_certificate(X509_REQ *request, X509 *ca_certificate, RSA *ca_private_key, int days, int prupose)
{
    X509 *certificate=NULL;
    EVP_PKEY *pkey = NULL;
    X509_EXTENSION *extension = NULL;
    if ((request !=NULL) && (ca_certificate !=NULL) && (ca_private_key!=NULL))
    {
        EVP_PKEY_assign_RSA(pkey, ca_private_key);
        certificate=X509_REQ_to_X509(request, days, pkey);
        X509_sign(certificate,pkey,EVP_md5());
        X509_set_issuer_name(certificate, X509_get_subject_name(ca_certificate));
        if (prupose == SIGNATURE)
        {
            extension = X509V3_EXT_conf_nid(NULL, NULL, NID_key_usage, "digitalSignature");
            X509_add_ext(certificate,extension,-1);
            extension = X509V3_EXT_conf_nid(NULL, NULL, NID_key_usage, "nonRepudiation");
            X509_add_ext(certificate,extension,-1);
        }
        else //prupose = encryption
        {
            extension = X509V3_EXT_conf_nid(NULL, NULL, NID_key_usage, "keyEncipherment");
            X509_add_ext(certificate,extension,-1);
            extension = X509V3_EXT_conf_nid(NULL, NULL, NID_key_usage, "nonRepudiation");
            X509_add_ext(certificate,extension,-1);
        }
        X509_EXTENSION_free(extension);
        EVP_PKEY_free(pkey);
    }
    return(certificate);
}
Thank you.
Andras
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]