In openssl 0.9.7l, 1.0.0 beta 2, and probably all versions back to the
dawn of time :-), if
X509_set_version (x509, 0)
is called, to indicate that this is a version 1 certificate, then
OpenSSL will produce a certificate that contains an integer with value
0 in the certificate's version number field. 0 is the default and
should be indicated by omitting the version number field. There
doesn't seem to be an API that lets you reset the version other than
X509_set_version.
I think this could easily be implemented in X509_set_version by adding
if (version == 0) {
M_ASN1_INTEGER_free (x->cert_info->version);
x->cert_info->version = NULL;
return(0);
}
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
