I've faced a problem reissuing an X509 DER certificate with newer versions of OpenSSL.

I'm parsing the X509 DER (signed using my Custom Digest Algorithm (CDA) and Custom Signature Algorithm (CSA)) with the d2i_X509 function,

    ...
    const byte *p = pbOriginalCert; /* Original DER buffer */
    X509 *x = d2i_X509(NULL, &p, cbOriginalCert);

changing some values of the structure (serialNumber, notBefore, notAfter, etc.) and signing (replacing the signature with one generated in CDA/CSA).

    int cbCertInfo = i2d_X509_CINF(x->cert_info, NULL);
    byte *pbCertInfo = (byte *)OPENSSL_malloc(cbCertInfo);
    byte *pp = pbCertInfo;
    i2d_X509_CINF(x->cert_info, &pp);
    byte *pbHash = NULL;
    int cbHash = CDA_DIGEST_init_update_final(pbCertInfo, cbCertInfo, &pbHash); /* My digest */
    OPENSSL_free(pbCertInfo);
    byte *pbSign = NULL;
    int cbSign = CSA_SIGNATURE_generate(pbHash, cbHash, privateKey, &pbSign); /* My signature */
    OPENSSL_free(pbHash);
    if (x->signature) ASN1_BIT_STRING_free(x->signature);
    x->signature = ASN1_BIT_STRING_new();
    ASN1_STRING_set((ASN1_STRING *)x->signature, pbSign, cbSign);
    OPENSSL_free(pbSign);

After converting to a DER buffer with the i2d_X509 function,

    int cbNewCert = i2d_X509(x, NULL);
    byte *pbNewCert = (byte *)OPENSSL_malloc(cbNewCert);
    pp = pbNewCert;
    i2d_X509(x, &pp);

pbNewCert contains DER with the changed values when I run the program on systems with an older version (e.g. 0.9.8m) of OpenSSL, but on systems with a newer version (e.g. 1.0.1e) pbNewCert gives me unchanged values, simply a copy of pbOriginalCert.

Please help me fix the problem with newer versions. Thank you in advance.
--
View this message in context: http://openssl.6102.n7.nabble.com/Reissuing-problem-of-X509-DER-with-newer-versions-of-OpenSSL-tp48201.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
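A check for the symptom described in the post, as an added example that is not part of the original message: it extracts the tbsCertificate bytes (the first element of the outer Certificate SEQUENCE, which is the part the signature covers) from two DER buffers and reports whether they differ, without relying on the library's own encoder. The function names and both sample buffers are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed, certificate-shaped DER (not real certificates):
 * SEQUENCE { SEQUENCE { INTEGER serial }, SEQUENCE { NULL }, BIT STRING } */
const unsigned char SAMPLE_ORIGINAL[] = { 0x30,0x0d, 0x30,0x03,0x02,0x01,0x05,
    0x30,0x02,0x05,0x00, 0x03,0x02,0x00,0xaa };
const unsigned char SAMPLE_REISSUED[] = { 0x30,0x0d, 0x30,0x03,0x02,0x01,0x06,
    0x30,0x02,0x05,0x00, 0x03,0x02,0x00,0xbb };

/* Parse one DER tag+length header; 0 on success, -1 on malformed input. */
static int der_header(const unsigned char *p, size_t avail,
                      size_t *hdr_len, size_t *content_len)
{
    size_t n, i, len = 0;
    if (avail < 2 || (p[0] & 0x1f) == 0x1f) return -1;   /* no multi-byte tags */
    if (p[1] < 0x80) { *hdr_len = 2; *content_len = p[1]; }
    else {
        n = p[1] & 0x7f;                      /* long form: n length bytes */
        if (n == 0 || n > sizeof(size_t) || avail < 2 + n) return -1;
        for (i = 0; i < n; i++) len = (len << 8) | p[2 + i];
        *hdr_len = 2 + n; *content_len = len;
    }
    return (*content_len > avail - *hdr_len) ? -1 : 0;   /* must fit buffer */
}

/* Locate tbsCertificate (header included): first element of the outer SEQUENCE. */
int cert_tbs_span(const unsigned char *cert, size_t cert_len,
                  const unsigned char **tbs, size_t *tbs_len)
{
    size_t h, c, th, tc;
    if (der_header(cert, cert_len, &h, &c) != 0 || cert[0] != 0x30) return -1;
    if (der_header(cert + h, c, &th, &tc) != 0 || cert[h] != 0x30) return -1;
    *tbs = cert + h; *tbs_len = th + tc;
    return 0;
}

/* 1 = signed portion differs, 0 = identical (edits were not encoded), -1 = bad DER */
int tbs_changed(const unsigned char *a, size_t a_len,
                const unsigned char *b, size_t b_len)
{
    const unsigned char *ta, *tb; size_t la, lb;
    if (cert_tbs_span(a, a_len, &ta, &la) || cert_tbs_span(b, b_len, &tb, &lb))
        return -1;
    return (la != lb) || memcmp(ta, tb, la) != 0;
}

int main(void)
{
    printf("tbs changed: %d\n", tbs_changed(SAMPLE_ORIGINAL, sizeof SAMPLE_ORIGINAL,
                                            SAMPLE_REISSUED, sizeof SAMPLE_REISSUED));
    return 0;
}
```

Run against pbOriginalCert and pbNewCert from the post, a result of 0 means the edited fields never reached the encoded output, so the signature was computed over the old bytes.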