On Nov 9, 2015, at 3:46 PM, Peter P. <[email protected]> wrote:
> I'm writing an application using Openssl 1.0.2d where I am trying to take a
> DER encoded unsigned CSR and read it into an X509_REQ data structure via the
> d2i_X509_REQ_bio() function. This function errors out during when I attempt
> to read in my unsigned CSR and I would like to know if there is any other way
> to read in an unsigned CSR into an X509_REQ data structure.
A CSR (from PKCS#10 / RFC2986) has the structure:
SEQUENCE { CertificationRequestInfo, AlgorithmIdentifier, BIT STRING }
where the actual request is the CertificationRequestInfo, and the signature is
composed of the AlgorithmIdentifier + BIT STRING.
Are you trying to just read in a bare CertificationRequestInfo structure? I
suspect you can do that with a call like
ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_REQ_INFO), bp, req)
which is the same as the body of d2i_X509_REQ_bio(), but with X509_REQ replaced
by X509_REQ_INFO. I haven't tried it, though.
(Whether it's a *good idea* to pass bare CSR info structs around is another
question but I'll leave that up to you.)
Wim.
_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
