[openssl-users] Converting DER encoded unsigned CSR to internal OpenSSL format

Peter P. p.pan48711 at gmail.com
Fri Nov 13 14:33:35 UTC 2015

Hi Wim,

I'll give this a shot, thank you for the suggestion!


On Wed, Nov 11, 2015 at 5:05 PM, Wim Lewis <wiml at omnigroup.com> wrote:

> On Nov 9, 2015, at 3:46 PM, Peter P. <p.pan48711 at gmail.com> wrote:
> > I'm writing an application using Openssl 1.0.2d where I am trying to
> take a DER encoded unsigned CSR and read it into an X509_REQ data structure
> via the d2i_X509_REQ_bio() function. This function errors out during when I
> attempt to read in my unsigned CSR and I would like to know if there is any
> other way to read in an unsigned CSR into an X509_REQ data structure.
> A CSR (from PKCS#10 / RFC2986) has the structure:
>    SEQUENCE { CertificationRequestInfo, AlgorithmIdentifier, BIT STRING }
> where the actual request is the CertificationRequestInfo, and the
> signature is composed of the AlgorithmIdentifier + BIT STRING.
> Are you trying to just read in a bare CertificationRequestInfo structure?
> I suspect you can do that with a call like
>     ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_REQ_INFO), bp, req)
> which is the same as the body of d2i_X509_REQ_bio(), but with X509_REQ
> replaced by X509_REQ_INFO. I haven't tried it, though.
> (Whether it's a *good idea* to pass bare CSR info structs around is
> another question but I'll leave that up to you.)
> Wim.
> _______________________________________________
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20151113/f9dbd1da/attachment.html>

More information about the openssl-users mailing list