Re: Loading a config file with the OpenSSL API

2013-04-16 Thread Dr. Stephen Henson 
On Tue, Apr 16, 2013, Derek Cole wrote:

> Hello,
> 
> I am cross posting this to the list in hopes of getting some more traffic:
> 
> http://stackoverflow.com/questions/16026718/how-to-load-a-config-for-cert-signing-request-with-openssl-api
> 
> Basically I am trying to modify the mkreq.c program to read in my already
> existing config file instead of adding the ext's one at a time like is
> happening in the example. It is not crashing, but I don't see any evidence
> that it has loaded the config file either - perhaps someone can take a look
> and show me how that should be done?
> 

First there's a typo in mkreq.c it should be STACK_OF(X509_EXTENSION). 

Have a look at the snippet in apps/req.c around line 880 (where it uses the
variable X509V3_CTX). This uses the newer nconf code. If you want to use a
LHASH directly you can use the older API which ends in _conf instead of
_nconf.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

AW: Loading a config file with the OpenSSL API

2013-04-16 Thread Alexander.Elgert 
> Von: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] im 
> Auftrag von Derek Cole [derek.c...@gmail.com]
> Gesendet: Dienstag, 16. April 2013 14:29
> An: openssl-users@openssl.org
> Betreff: Loading a config file with the OpenSSL API
>
> Hello,
>
> I am cross posting this to the list in hopes of getting some more traffic:
>
> http://stackoverflow.com/questions/16026718/how-to-load-a-config-for-cert-signing-request-with-openssl-api
>
> Basically I am trying to modify the mkreq.c program to read in my already 
> existing config file instead of adding the ext's one at a time like is 
> happening in the example. It is not crashing, but I don't see any evidence 
> that it has loaded the config file either - perhaps someone can take a look 
> and show me how that should be done?

If you have a correctly working command line, I would suggest using gcov lcov.
http://ltp.sourceforge.net/coverage/lcov.php

This takes a few hours to make it work with code, but you can clearly see, what 
lines of code are called and it is very useful to follow a command line 
invocation.

Greetings,
Alexander

--
Deutsche Telekom AG
Seamless ICT Security Infrastructure & Management
im Auftrag T-Systems International GmbH
Dipl. Inf Alexander Elgert
Langwadener Strasse 17
64625 Bensheim
+49 176 22 717 661 (Mobil)
+49 671 83419-12 (Tel)
+49 671 83419-30 (Fax)
E-Mail: alexander.elg...@gmx.de
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org