On Sat, Mar 01, 2014, Jeffrey Walton wrote: > I'm building a ca cert following .../demos/mkcert.c. The program is failing > at: > > X509_EXTENSION* ex4 = > X509V3_EXT_conf_nid(NULL, NULL, NID_subject_key_identifier, "hash"); > err = ERR_get_error(); > ... > > $ openssl errstr 0x22073072 > error:22073072:X509 V3 routines:S2I_SKEY_ID:no public key > > The public key was set earlier with the private key as in mkcert.c. > > I also tried with X509V3_EXT_nconf_nid, but got the same error. > > Library startup code calls the following: > > * OPENSSL_no_config(); > * FIPS_mode_set(1); > * SSL_library_init(); > > Googling turned up no hits; Viega's book does not discuss it, and > Rescorla's book does not discuss it. > > Any ideas what is causing the 0x22073072 error? >
The extension code needs access to the public key in order to create the SKID. This is done using the X509V3_CTX parameter to X509V3_EXT_conf_nid which you've set to NULL. See the add_ext function in mkcert.c for details of how to set it up. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
