Hi,

I'm trying to add a library routine (or routines) to generate a CSR and make 
that available to users of Openssl at the API level.

I'm thinking the shortest path might be to extract code from apps/req.c as we 
know it's correct.

My only problem (so far) is dealing with the multiple places it bifurcates 
based on gen_x509 (versus newreq) -- which David pointed out to me in a 
separate mail thread back in mid-October.

What would be the downside to having two completely different code paths for 
handling -x509 (and gen_x509) i.e. a self-signed certificate versus generating 
a CSR?

The latter would allow me to move the CSR code into a library and have the app 
exercise that API.

The only downside I can see is that the self-signed certificate path might need 
to duplicate some of the library code.

Is that acceptable?

Thanks,

-Philip

Reply via email to