i2d_X509_REQ() -> d2i_X509_REQ() = asn1 encoding routines:c2i_ASN1_OBJECT:invalid object encoding:a_object.c:287

Graham Leggett minfrin at sharp.fm
Tue Mar 19 00:22:00 UTC 2019


On 18 Mar 2019, at 22:02, Dave Coombs <dcoombs at carillon.ca> wrote:

>> This makes sense - however there don’t appear to be any APIs in openssl that allow you to manipulate a X509_REQ_INFO structure. I can create it, and encode/decode it, but there is no X509_REQ_INFO_get_subject_name() (or friends) to populate the structure. X509_REQ_INFO itself is opaque.
> 
> I believe you said you're using 1.0.2, right?  The structures aren't opaque there.  You can make your X509_REQ and populate its name etc as you already are, and then i2d_X509_REQ_INFO its req_info member.
> 
> (Even in the 1.1 API, where they are opaque, i2d_re_X509_REQ_tbs will encode a given X509_REQ's X509_REQ_INFO for you.)

How would I decode the X509_REQ_INFO structure on the other side, turning it back into X509_REQ?

While I can see a d2i_X509_REQ_INFO() function, I can’t find a corresponding function in openssl 1.1.0+ that assigns this to a X509_REQ, unless I am missing it?

By way of concrete example, having crossed the module boundary we need to pull out details from the X509_REQ_INFO, which can only be done if this structure has been assigned to a X509_REQ first:

https://source.redwax.eu/projects/RS/repos/mod_ca/browse/mod_ca_ldap.c#368

Regards,
Graham
—

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3260 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20190319/d62a00d7/attachment.bin>


More information about the openssl-users mailing list