Thank you, Dr. Henson!
You helped me very much!
I used the mkcert.c and it printed the certificate stuff to the stdout.
Now, I try to map this output to appropriate SSL files.
As a newbie to OpenSSL, I have some difficult here:
in my server I'm using the following demo SSL files:
server.pem => for cert & private key using: SSL_CTX_use_certificate_file() and
SSL_CTX_use_PrivateKey_file()
cacert.pem => for locations verification using: SSL_CTX_load_verify_locations()
cakey.pem => is not in use currently
Now, where does each one of mkcert print commands go?
RSA_print_fp() ?
(it prints info like: modulus, publicExponent, privateExponent, prime1,
prime2, etc.)
X509_print_fp() ?
(it prints certificate data like: Version, Serial Number, Signature
Algorithm, etc.)
PEM_write_PrivateKey() ?
(it prints the private key code starting with "-----BEGIN RSA PRIVATE
KEY-----")
PEM_write_X509() ?
(it prints certificate code starting with "-----BEGIN CERTIFICATE-----")
Thanks a lot,
-- Amir
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Dr. Stephen Henson
Sent: Wednesday, January 11, 2006 3:54 PM
To: openssl-users@openssl.org
Subject: Re: Calling 'openssl' utility as a C function?
On Wed, Jan 11, 2006, Amir Yiron wrote:
> Hello,
>
> I need my embedded application to be capable of creating a CA and creating
> SSL certificate.
> My operating system is eCos, which means I don't have shell or any scripts,
> and I can't run utilities (However, I have a file system!).
> I can only use a C interface.
>
> I'm looking for a way to do what the 'openssl' utility does - just by calling
> OpenSSL library C functions.
> e.g. I want to generate the CA root certificate and key,
> so instead of calling:
> openssl req -x509 -newkey rsa -out cacert.pem -outform PEM -days 1825
> I want to do it in C code, probably by one of the following ways:
> 1. call the main code of the openssl utility as a function, and prepare an
> appropriate arg/argc arguments vector, or
> 2. call directly the specific C function for the specific openssl subcommand
> ('req' in this case) with appropriate parameters.
>
> Note:
> - I can't use Unix specific APIs like getenv();
> - command execution cannot be interactive (command arguments and
> configuration files have to supply all required parameters).
>
>
The example code in demos/x509/mkcert.c would be a good starting point.
Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
