Thank you Vadim. I thought that by freeing with EVP_PKEY_free, only the EVP format is freed, and the RSA stays untouched.

Thanks again.
andras



Vadim Fedukovich <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]

04/19/2001 07:41 PM
Please respond to openssl-users

       
        To:        <[EMAIL PROTECTED]>
        cc:        
        Subject:        Re: X509_REQ_to_X509 has a bug ?


Andras,

you may want to handle the private key some other way, namely
don't free() it.

hope this helps,
Vadim

On Wed, 18 Apr 2001 [EMAIL PROTECTED] wrote:

>
> Hi all.
> I've made a function, which takes as params an x509 certificate request,
> the ca's private key, and certificate, and makes a signed certificate.
> First I convert the x509_req structure to x509 with X509_REQ_to_X509, and
> after that I sign the certificate, set the extensions, etc., and finally
> clean up the memory.
>
> The problem is the following. When my function is invoked a second time,
> the program crashes at the call to X509_REQ_to_X509.
> Does X509_REQ_to_X509 have some bugs?
>
>
> Here is the code:
>
> X509 *sign_certificate(X509_REQ *request, X509 *ca_certificate, RSA
> *ca_private_key, int days, int prupose)
> {
>         X509 *certificate=NULL;
>         EVP_PKEY *pkey = NULL;
>         X509_EXTENSION *extension = NULL;
>         if ((request !=NULL) && (ca_certificate !=NULL) &&
> (ca_private_key!=NULL))
>         {
>                 EVP_PKEY_assign_RSA(pkey, ca_private_key);
>                 certificate=X509_REQ_to_X509(request, days, pkey);
>                 X509_sign(certificate,pkey,EVP_md5());
>                 X509_set_issuer_name(certificate,
> X509_get_subject_name(ca_certificate));
>                 if (prupose == SIGNATURE)
>                 {
>                         extension = X509V3_EXT_conf_nid(NULL, NULL,
> NID_key_usage, "digitalSignature");
>                         X509_add_ext(certificate,extension,-1);
>                         extension = X509V3_EXT_conf_nid(NULL, NULL,
> NID_key_usage, "nonRepudiation");
>                         X509_add_ext(certificate,extension,-1);
>                 }
>                 else //prupose = encryption
>                 {
>                         extension = X509V3_EXT_conf_nid(NULL, NULL,
> NID_key_usage, "keyEncipherment");
>                         X509_add_ext(certificate,extension,-1);
>                         extension = X509V3_EXT_conf_nid(NULL, NULL,
> NID_key_usage, "nonRepudiation");
>                         X509_add_ext(certificate,extension,-1);
>                 }
>                 X509_EXTENSION_free(extension);
>                 EVP_PKEY_free(pkey);
>         }
>         return(certificate);
> }
>
> Thank you.
> Andras
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org User Support Mailing List
> [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
>
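
The ownership rule behind Vadim's advice, as an added example that is not part of the original messages and not OpenSSL code: a plain-C model (the `model_*` types and functions and `sign_once` are hypothetical stand-ins) of how EVP_PKEY_assign_RSA hands the caller's RSA reference to the EVP_PKEY, so that EVP_PKEY_free destroys the CA key, next to the EVP_PKEY_set1_RSA pattern, which takes an extra reference and leaves the caller's key alive.

```c
#include <stddef.h>
/* Model only: stand-ins for OpenSSL's reference-counted RSA and EVP_PKEY. */
typedef struct { int references; int destroyed; } model_rsa;
typedef struct { model_rsa *rsa; } model_pkey;

/* Like RSA_free(): drop one reference, destroy the key when none remain. */
static void model_rsa_free(model_rsa *r) {
    if (r != NULL && --r->references == 0)
        r->destroyed = 1;   /* real code would wipe and free the key here */
}

/* Like EVP_PKEY_assign_RSA(): the wrapper takes over the caller's reference. */
static void model_assign(model_pkey *p, model_rsa *r) { p->rsa = r; }

/* Like EVP_PKEY_set1_RSA(): the wrapper takes its own, additional reference. */
static void model_set1(model_pkey *p, model_rsa *r) { r->references++; p->rsa = r; }

/* Like EVP_PKEY_free(): releases the wrapper's reference to the inner key. */
static void model_pkey_free(model_pkey *p) { model_rsa_free(p->rsa); p->rsa = NULL; }

/* One call shaped like sign_certificate() in the thread; -1 means the key is gone. */
static int sign_once(model_rsa *ca_key, int share_reference) {
    model_pkey pkey = { NULL };
    if (ca_key->destroyed)
        return -1;          /* in real code: use-after-free, likely a crash */
    if (share_reference)
        model_set1(&pkey, ca_key);
    else
        model_assign(&pkey, ca_key);
    /* ... X509_REQ_to_X509() and X509_sign() would use pkey here ... */
    model_pkey_free(&pkey);
    return 0;
}

/* Call sign_once() twice on one CA key; returns the second call's result. */
int second_call_result(int share_reference) {
    model_rsa ca_key = { 1, 0 };    /* constructed: caller holds the only reference */
    if (sign_once(&ca_key, share_reference) != 0)
        return -2;
    return sign_once(&ca_key, share_reference);
}

/* References left on the caller's key after one call (0 means destroyed). */
int references_after_one_call(int share_reference) {
    model_rsa ca_key = { 1, 0 };
    sign_once(&ca_key, share_reference);
    return ca_key.references;
}
```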

