PKCS#10 CSR generation and bulky crypto library - Re: Questions about legacy apps/req.c code
Jordan Brown
openssl at jordan.maileater.net
Wed Dec 22 21:18:06 UTC 2021
On 12/22/2021 11:45 AM, David von Oheimb wrote:
>
> Yet beware that a general-purpose library function that has (at least)
> the flexibility offered by that app would need a non-trivial set of
> parameters.
>
I suspect that it would end up looking a lot like the existing API.
There might be a few shortcuts possible, but fundamentally you need to
set a significant (and variable) number of parameters. The
straightforward way to do that is with a "create object" function and
"set parameter into object" functions - and some of those parameters
themselves need a similar set of functions.
The existing API isn't bad, once you figure out how to use it. It's
been several years since I wrote a CSR generator and so I don't remember
how I figured it out, but I think I might have had to look at req.c
rather than finding documentation.
--
Jordan Brown, Oracle ZFS Storage Appliance, Oracle Solaris
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20211222/502d36e0/attachment.htm>
More information about the openssl-users
mailing list