Questions about legacy apps/req.c code
Philip Prindeville
philipp_subx at redfish-solutions.com
Wed Dec 22 04:24:14 UTC 2021
Hi,
I'm trying to add a library routine (or routines) to generate a CSR and make that available to users of Openssl at the API level.
I'm thinking the shortest path might be to extract code from apps/req.c as we know it's correct.
My only problem (so far) is dealing with the multiple places it bifurcates based on gen_x509 (versus newreq) -- which David pointed out to me in a separate mail thread back in mid-October.
What would be the downside to having two completely different code paths for handling -x509 (and gen_x509) i.e. a self-signed certificate versus generating a CSR?
The latter would allow me to move the CSR code into a library and have the app exercise that API.
The only downside I can see is that the self-signed certificate path might need to duplicate some of the library code.
Is that acceptable?
Thanks,
-Philip
More information about the openssl-users
mailing list