Hi all,
Recently I needed to perform the following task: given a certificate request
(PKCS10 structure), make another one, with just a different public key.
So, I've written the following piece of code to do this:

    #include <openssl/evp.h>
    #include <openssl/pem.h>
    #include <openssl/x509.h>

    // Declarations
    EVP_PKEY *pkey;   // the X509_REQ_* calls below take a pointer
    FILE *infile, *outfile;
    // Opening the input and output files
    ...
    // Creating the public key
    ...
    // Read the PKCS10
    X509_REQ *req = PEM_read_X509_REQ(infile, NULL, NULL, NULL);
    if (req == NULL)
        return -1;
    // Set certificate request public key
    if (!X509_REQ_set_pubkey(req, pkey))
        return -1;
    // Sign upon the request
    if (!X509_REQ_sign(req, pkey, EVP_sha1()))
        return -1;
    // Write the new certificate into the output file
    if (!PEM_write_X509_REQ(outfile, req))
        return -1;

Everything worked as expected (no errors were reported). However, looking at
the output file after the execution, I discovered the request I got was the
same as the input one!
It took me several hours (and drove me crazy!) to find the catch. I needed to
clear the cached values in the req_info structure, as follows:

    req->req_info->asn1 = NULL;
    req->req_info->length = 0;

Well, now it works. But I think the behavior described above is buggy.
Can someone, please, fix it in the future releases of OpenSSL?
Thanks,
Michael Pogrebisky,
Software developer at Mercury Interactive Inc., Israel.
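
Added example, not part of the original message and not OpenSSL code: a dependency-free C model of the stale-encoding failure the post describes, with a check that the bytes about to be written actually carry the new key. Only the `asn1` and `length` field names come from the post; the struct, the toy `subject|pubkey` encoding, the sample values and the assumption that a present cache is reused unchanged are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model, not OpenSSL code. Only the asn1/length cache fields are
 * named after the post; all other names and the encoding are hypothetical. */
typedef struct {
    char subject[32], pubkey[32];
    unsigned char *asn1; /* cached encoding, NULL when nothing is cached */
    int length;          /* length of the cached encoding */
} req_info_model;

/* Toy encoding "subject|pubkey". Assumed behaviour: a cache that is already
 * present is returned as-is, without looking at the fields again. */
static const unsigned char *encode(req_info_model *ri, int *len) {
    if (ri->asn1 == NULL) {
        size_t n = strlen(ri->subject) + 1 + strlen(ri->pubkey);
        if ((ri->asn1 = malloc(n + 1)) == NULL) { *len = 0; return NULL; }
        snprintf((char *)ri->asn1, n + 1, "%s|%s", ri->subject, ri->pubkey);
        ri->length = (int)n;
    }
    *len = ri->length;
    return ri->asn1;
}

static void clear_cache(req_info_model *ri) { free(ri->asn1); ri->asn1 = NULL; ri->length = 0; }

/* Check to run before the request leaves the program: does the encoding
 * that would be written (and signed) end with the intended key? */
static int output_carries_key(req_info_model *ri, const char *key) {
    int len;
    const unsigned char *enc = encode(ri, &len);
    size_t k = strlen(key);
    return enc != NULL && (size_t)len >= k && memcmp(enc + len - k, key, k) == 0;
}

/* Re-key a freshly "parsed" request; returns 1 if the output has the new key. */
int rekey_ok(int clear) {
    req_info_model ri = { "CN=constructed", "OLDKEY", NULL, 0 };
    int len, ok;
    encode(&ri, &len);                        /* models parsing filling the cache */
    snprintf(ri.pubkey, sizeof ri.pubkey, "%s", "NEWKEY");
    if (clear) clear_cache(&ri);              /* the workaround from the post */
    ok = output_carries_key(&ri, "NEWKEY");
    clear_cache(&ri);
    return ok;
}

int main(void) { printf("stale=%d cleared=%d\n", rekey_ok(0), rekey_ok(1)); return 0; }
```

With the real library, the equivalent check is to re-read the written request and confirm that `X509_REQ_get_pubkey` returns the intended key and that `X509_REQ_verify` succeeds against it.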