x509 command doesn't seems to copy extension fields in pkcs#10 request.
i'm not sure why not. is there any policy to sign this certificate ?
anyway here is this patch for openssl-0.9.6b to copy all of them to
the certificate from the request.
/Shoichi Sakane @ KAME project/
diff -rc openssl-0.9.6b/apps/x509.c openssl-0.9.6b.new/apps/x509.c
*** openssl-0.9.6b/apps/x509.c Sat Mar 31 00:49:11 2001
--- openssl-0.9.6b.new/apps/x509.c Mon Aug 13 07:48:12 2001
***************
*** 552,557 ****
--- 552,570 ----
if (!ASN1_INTEGER_set(X509_get_serialNumber(x),0)) goto end;
if (!X509_set_issuer_name(x,req->req_info->subject)) goto end;
if (!X509_set_subject_name(x,req->req_info->subject)) goto end;
+ {
+ STACK_OF(X509_EXTENSION) *exts;
+ exts = X509_REQ_get_extensions(req);
+ if (exts) {
+ X509_EXTENSION *ex;
+ int i;
+ for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
+ ex = sk_X509_EXTENSION_value(exts, i);
+ X509_add_ext(x, ex, -1);
+ }
+ sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
+ }
+ }
X509_gmtime_adj(X509_get_notBefore(x),0);
X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days);
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
