Adding signature items to X509 certificate structure
Ken Goldman
kgoldman at us.ibm.com
Wed Jul 31 20:47:54 UTC 2019
This use case is that I have an HSM that internally forms an X509
certificate and returns the signature. I have to reconstruct the X509
structure externally.
I have everything but the signature and its algorithm.
How can I programmatically set these values?
What I do now is:
- X509_ALGOR_set0() to set the x509->cert_info->signature and
x509->sigalg members with OBJ_nid2obj(NID_sha256WithRSAEncryption)
- free the x509->signature->data, malloc one of the right size, set
x509->signature->length and memcpy the signature
Is there a better way?
It feels like this requires a lot peering inside structures, and I
suspect it will need a rework for openssl 1.1.
More information about the openssl-users
mailing list