I used this , and it seems to work great (parsed it with ASN1): st_exts = sk_X509_EXTENSION_new_null(); X509_REQ *x;
/*add INTEGER EXT*/ int1 = ASN1_INTEGER_new(); ASN1_INTEGER_set(int1, 1); os1 = M_ASN1_OCTET_STRING_new(); os1->data = NULL; n = i2d_ASN1_INTEGER(int1,&os1->data); os1->length = n; sk_X509_EXTENSION_push(st_exts, X509_EXTENSION_create_by_OBJ(NULL, obj1, 0,os1)); /*add PRINTABLESTRING EXT*/ tmp_os = M_ASN1_PRINTABLESTRING_new(); tmp_os->type = V_ASN1_PRINTABLESTRING; ASN1_STRING_set(tmp_os, (const unsigned char *)"TEST", 4 ); os2 = M_ASN1_OCTET_STRING_new(); os->data = NULL; n = i2d_ASN1_PRINTABLESTRING( tmp_os, &os2->data ); os2->length = n; /* add to the extension stack.*/ sk_X509_EXTENSION_push(st_exts, X509_EXTENSION_create_by_OBJ(NULL, obj2, 0, os2)); /* Now we've created the extensions we add them to the request */ X509_REQ_add_extensions(x, st_exts); I freed all the ASN1 structs at the end... Did I add the extension the way you meant? Do I need to free anything else? -- View this message in context: http://openssl.6102.n7.nabble.com/Adding-a-custom-extension-to-a-CSR-tp47446p47560.html Sent from the OpenSSL - User mailing list archive at Nabble.com. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org