[openssl-users] Converting DER encoded unsigned CSR to internal OpenSSL format

Wim Lewis wiml at omnigroup.com
Wed Nov 11 22:05:08 UTC 2015

On Nov 9, 2015, at 3:46 PM, Peter P. <p.pan48711 at gmail.com> wrote:
> I'm writing an application using Openssl 1.0.2d where I am trying to take a DER encoded unsigned CSR and read it into an X509_REQ data structure via the d2i_X509_REQ_bio() function. This function errors out during when I attempt to read in my unsigned CSR and I would like to know if there is any other way to read in an unsigned CSR into an X509_REQ data structure.

A CSR (from PKCS#10 / RFC2986) has the structure:

   SEQUENCE { CertificationRequestInfo, AlgorithmIdentifier, BIT STRING }

where the actual request is the CertificationRequestInfo, and the signature is composed of the AlgorithmIdentifier + BIT STRING.

Are you trying to just read in a bare CertificationRequestInfo structure? I suspect you can do that with a call like

    ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_REQ_INFO), bp, req)

which is the same as the body of d2i_X509_REQ_bio(), but with X509_REQ replaced by X509_REQ_INFO. I haven't tried it, though.

(Whether it's a *good idea* to pass bare CSR info structs around is another question but I'll leave that up to you.)


More information about the openssl-users mailing list