PkiPath with openssl

Wim Lewis wiml at
Mon Jun 17 22:43:04 UTC 2019

On Jun 17, 2019, at 8:09 AM, Tobias Wolf <wolf.tobias at> wrote:
> there already a function available? In fact I´d like to provide a STACK(X509)* as a parameter and get the pem or der encoded asn1 structure back.

Assuming you've already assembled the list of certificates you want to encode, I think you can use the generic ASN.1 routines (see the docs in doc/man3/X509_dup.pod; I'm not sure why that's where they live) to define the encoded structure of the PkiPath; and use the ASN1_SEQUENCE_OF macro in that definition. See also the "asn1t.h" header.

I don't remember how to actually do this, but perhaps this will point you in a useful direction.

More information about the openssl-users mailing list