> On Dec 22, 2021, at 2:18 PM, Jordan Brown <open...@jordan.maileater.net>
> wrote:
>
> On 12/22/2021 11:45 AM, David von Oheimb wrote:
>> Yet beware that a general-purpose library function that has (at least) the
>> flexibility offered by that app would need a non-trivial set of parameters.
>>
>
> I suspect that it would end up looking a lot like the existing API. There
> might be a few shortcuts possible, but fundamentally you need to set a
> significant (and variable) number of parameters. The straightforward way to
> do that is with a "create object" function and "set parameter into object"
> functions - and some of those parameters themselves need a similar set of
> functions.
>
> The existing API isn't bad, once you figure out how to use it. It's been
> several years since I wrote a CSR generator and so I don't remember how I
> figured it out, but I think I might have had to look at req.c rather than
> finding documentation.
>
Should supporting openssl.cnf be part of the library API, or externally handled
in the command-line utility where it then passes in the values extracted from
that file?
I'm inclined to KISS and going with the latter.
-Philip