Hello all, I'm a newbie with a problem.

I'm trying to run example 10-5 (generate a
certificate request) from the code at
www.opensslbook.com (I enclose the code and my private
key).

However I get this error when I try to run the
program:

[EMAIL PROTECTED]:~$ gcc -o EX10-5 EX10-5.c -lssl
[EMAIL PROTECTED]:~$ ./EX10-5
** EX10-5.c:93 Error creating Name entry from NID
13831:error:0D11A0A3:asn1 encoding
routines:ASN1_mbstring_copy:string too
long:a_mbstr.c:154:maxsize=2

Is it something to do with this:

OBJ_txt2nid() or
X509_NAME_ENTRY_create_by_NID ()

???

Any help is appreciated, as I'm having trouble working out
what this NID is and how it works.

Thanks

Oliver Foden

#include <stdio.h>
#include <stdlib.h>
#include <openssl/ssl.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/rand.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
/*
void seed_prng(void)
{
  RAND_load_file("/dev/urandom", 1024);
}*/

/*
 * Report a fatal error and terminate the program.
 *
 * Writes "** <file>:<lineno> <msg>" to stderr, then dumps the pending
 * OpenSSL error queue to stderr, then exits with status -1.  Never returns.
 */
void
handle_error (const char *file, int lineno, const char *msg)
{
  FILE *out = stderr;

  /* Location and caller-supplied message first ... */
  fprintf (out, "** %s:%i %s\n", file, lineno, msg);
  /* ... then whatever the library queued, which usually names the real cause. */
  ERR_print_errors_fp (out);
  exit (-1);
}

/* Convenience wrapper that records the call site automatically. */
#define int_error(msg) handle_error(__FILE__, __LINE__, msg)

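/* Input: PEM file holding the private key whose public half goes in the request. */
#define PKEY_FILE "privkey.pem"
/* Output: PEM file the finished certificate request is written to. */
#define REQ_FILE "newreq.pem"
/* Number of subject-name attributes in entries[] below. */
#define ENTRY_COUNT 6

/* One subject-name attribute: an object name understood by OBJ_txt2nid()
   and the value to store under it. */
struct entry
{
  char *key;
  char *value;
};

/*
 * Subject distinguished name for the request.
 *
 * countryName is a two-letter ISO 3166 country code, not a free-form
 * country name.  A longer value is rejected when the name entry is created,
 * with "ASN1_mbstring_copy:string too long ... maxsize=2" in the OpenSSL
 * error queue, so the value here is "FI" rather than "FINLAND".
 */
struct entry entries[ENTRY_COUNT] = {
  {"countryName", "FI"},
  {"stateOrProvinceName", "ESPOO"},
  {"localityName", "Tapiola"},
  {"organizationName", "xena.arcada.fi"},
  {"organizationalUnitName", "COMPTELE"},
  {"commonName", "CA"},
};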

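/*
 * Generate a PEM-encoded certificate request.
 *
 * Steps: read the private key from PKEY_FILE, attach its public half to a
 * new X509_REQ, build the subject name from entries[], add a subjectAltName
 * extension, sign the request with the private key and write it to REQ_FILE.
 *
 * Every failure goes through int_error(), which prints the OpenSSL error
 * queue and exits; on success the function returns 0.
 */
int
main (int argc, char *argv[])
{
  int i;
  X509_REQ *req;
  X509_NAME *subj;
  EVP_PKEY *pkey;
  const EVP_MD *digest = NULL;
  FILE *fp;

  (void) argc;
  (void) argv;

  /* NOTE(review): algorithm registration is disabled here.  On OpenSSL
     releases that need explicit registration, an encrypted PEM key cannot
     be decrypted without it -- confirm whether this should be re-enabled. */
  /*OpenSSL_add_all_algorithms ();*/
  ERR_load_crypto_strings ();
  /*seed_prng ();*/

  /* first read in the private key */
  if (!(fp = fopen (PKEY_FILE, "r")))
    int_error ("Error reading private key file");
  /* NOTE(review): with a NULL callback the last argument is used as the
     passphrase, so the key's passphrase is compiled into the binary and
     visible in the source.  Prefer a password callback or prompting. */
  if (!(pkey = PEM_read_PrivateKey (fp, NULL, NULL, "secret")))
    int_error ("Error reading private key in file");
  fclose (fp);

  /* create a new request and add the key to it */
  if (!(req = X509_REQ_new ()))
    int_error ("Failed to create X509_REQ object");
  if (X509_REQ_set_pubkey (req, pkey) != 1)
    int_error ("Error setting public key on request");

  /* assign the subject name */
  if (!(subj = X509_NAME_new ()))
    int_error ("Failed to create X509_NAME object");

  for (i = 0; i < ENTRY_COUNT; i++)
    {
      int nid;
      X509_NAME_ENTRY *ent;

      /* OBJ_txt2nid() maps a long name, short name or dotted-decimal OID
         to OpenSSL's internal numeric identifier (NID) for that object. */
      if ((nid = OBJ_txt2nid (entries[i].key)) == NID_undef)
        {
          fprintf (stderr, "Error finding NID for %s\n", entries[i].key);
          int_error ("Error on lookup");
        }
      /* The value is checked against the attribute's size limits here;
         an over-long value (e.g. a countryName longer than two characters)
         fails at this call. */
      if (!(ent = X509_NAME_ENTRY_create_by_NID (NULL, nid, MBSTRING_ASC,
                                                 entries[i].value, -1)))
        int_error ("Error creating Name entry from NID");
      if (X509_NAME_add_entry (subj, ent, -1, 0) != 1)
        int_error ("Error adding entry to Name");
      /* X509_NAME_add_entry() stores its own copy, so release ours. */
      X509_NAME_ENTRY_free (ent);
    }
  if (X509_REQ_set_subject_name (req, subj) != 1)
    int_error ("Error adding subject to request");
  /* The request keeps a copy of the name; free the working copy. */
  X509_NAME_free (subj);

  /* add an extension for the FQDN we wish to have */
  {
    X509_EXTENSION *ext;
    STACK_OF (X509_EXTENSION) * extlist;
    char *name = "subjectAltName";
    char *value = "DNS:xena.arcada.fi";

    if (!(extlist = sk_X509_EXTENSION_new_null ()))
      int_error ("Error creating extension stack");

    if (!(ext = X509V3_EXT_conf (NULL, NULL, name, value)))
      int_error ("Error creating subjectAltName extension");

    if (!sk_X509_EXTENSION_push (extlist, ext))
      int_error ("Error adding subjectAltName to the extension stack");

    if (!X509_REQ_add_extensions (req, extlist))
      int_error ("Error adding subjectAltName to the request");
    /* Frees the stack and the extension it holds. */
    sk_X509_EXTENSION_pop_free (extlist, X509_EXTENSION_free);
  }

  /* pick the correct digest and sign the request */
  /* NOTE(review): both branches sign with SHA-1, which many CAs no longer
     accept for request signatures.  Where the installed OpenSSL provides
     it, EVP_sha256() is the better choice -- confirm the target version. */
  if (EVP_PKEY_type (pkey->type) == EVP_PKEY_DSA)
    digest = EVP_dss1 ();
  else if (EVP_PKEY_type (pkey->type) == EVP_PKEY_RSA)
    digest = EVP_sha1 ();
  else
    int_error ("Error checking public key for a valid digest");
  if (!(X509_REQ_sign (req, pkey, digest)))
    int_error ("Error signing request");

  /* write the completed request */
  if (!(fp = fopen (REQ_FILE, "w")))
    int_error ("Error writing to request file");
  if (PEM_write_X509_REQ (fp, req) != 1)
    int_error ("Error while writing request");
  /* Buffered data is flushed on close, so a failure here means a
     truncated or missing request file. */
  if (fclose (fp) != 0)
    int_error ("Error closing request file");

  EVP_PKEY_free (pkey);
  X509_REQ_free (req);
  return 0;
}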
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
