RE: X509 certificates through API
An easy way is to build the openssl binary as a lib but rename main. Then call it with the argv and argc you would send from the command line. -Original Message- From: ext Richard Koenning Sent: 05/20/2008 1:02:54 PM To: openssl-users@openssl.org Subject: Re: X509 certificates through API Kenneth Goldman wrote: > Is there sample code anywhere for how to construct X509 certificates > programmatically, through the API, not the command line? > > The documentation includes the serialization API's, but? > little else. > > I assume, since it can be done from the command line, that > the code exists and is just not documented. Could I be > wrong? Well, the code implementing the x509 subcommand of the openssl command line tool can be found in apps/x509.c. Ciao, Richard -- Dr. Richard W. Könning Fujitsu Siemens Computers GmbH, IP SW SO 12 Phone/Fax: +49-89-636-47852 / 48332 E-Mail: [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: X509 certificates through API
On Mon, May 19, 2008, Kenneth Goldman wrote: > > Is there sample code anywhere for how to construct X509 certificates > programmatically, through the API, not the command line? > > The documentation includes the serialization API's, but? > little else. > > I assume, since it can be done from the command line, that > the code exists and is just not documented. Could I be > wrong? > Some, but not all, of the API is documented. There are some demos in demos/x509 which should help though. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: X509 certificates through API
On May 19, 2008 02:09:54 pm Kenneth Goldman wrote: > Is there sample code anywhere for how to construct X509 certificates > programmatically, through the API, not the command line? > > The documentation includes the serialization API's, but? > little else. > > I assume, since it can be done from the command line, that > the code exists and is just not documented. Could I be > wrong? > Hi Ken: Well, there are lots of ways to generate a certificate - depends on the level to which you want to configure each cert. One way is in the code for WvStreams WvX509Mgr::create_selfissued at: http://repo.or.cz/w/wvstreams.git?a=blob;f=crypto/wvx509mgr.cc;h=bcb5247490d7dc8215d63e3fca8a1aa91d67b75c;hb=HEAD Although there are many other ways to do it (do you want to use the settings in openssl.cnf? then you may want to take a look at the code in the OpenSSL "req" or "ca" apps (in the apps subdirectory - req.c and ca.c) Have fun. -- Patrick Patterson President and Chief PKI Architect, Carillon Information Security Inc. http://www.carillon.ca __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: X509 certificates through API
Kenneth Goldman wrote: Is there sample code anywhere for how to construct X509 certificates programmatically, through the API, not the command line? The documentation includes the serialization API's, but? little else. I assume, since it can be done from the command line, that the code exists and is just not documented. Could I be wrong? Well, the code implementing the x509 subcommand of the openssl command line tool can be found in apps/x509.c. Ciao, Richard -- Dr. Richard W. Könning Fujitsu Siemens Computers GmbH, IP SW SO 12 Phone/Fax: +49-89-636-47852 / 48332 E-Mail: [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
X509 certificates through API
Is there sample code anywhere for how to construct X509 certificates programmatically, through the API, not the command line? The documentation includes the serialization API's, but? little else. I assume, since it can be done from the command line, that the code exists and is just not documented. Could I be wrong? -- Ken Goldman [EMAIL PROTECTED] 914-784-7646 (863-7646) __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]