I have a need to sign an X509 certificate outside openssl, using a
hardware security module.
1 - I have to first hash the certificate.
I discovered X509_digest(), which is not documented. Is it the correct
function?
I also found ASN1_item_i2d() to serialize the cert_info member, from
which point I can hash. Opinions?
2 - I have to apply the resulting signature and algorithm to the
certificate.
I have some sample code which assigns values to the low level X509
structure.
E.g.,
x509->cert_info->signature_algorithm =
Obj_nid2obj(NID_sha1WithRSAEncryption);
Is that the only way, or is there a higher level call to add the
algorithm ID in both places and the signature in one call?
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org