Creating a CSR using OpenSSL v1.1.1

Joe Eremita joe at
Thu Apr 29 14:04:23 UTC 2021

Hello all,

    I am developing a library that uses an HSM, and I need to create a CSR
to send to the CA. I have some examples using the X509_REQ to set the
public key and attributes. I 've also seen examples of signing the CSR,
which finds the req_info that is needed to sign the CSR:

  EVP_PKEY_assign_RSA( pkey , rsa );
  X509_REQ_set_pubkey(req, pkey);

                          MBSTRING_ASC, (unsigned char *)"SK", -1, -1, 0);
                          MBSTRING_ASC, (unsigned char *)"Test", -1, -1, 0);

  int datasig_len;
  unsigned char *tobesigned;

* datasig_len = i2d_X509_REQ_INFO( req->req_info, NULL );*

When I compile the last line, I get the error: error: 'invalid use of
incomplete type ‘X509_REQ {aka struct X509_req_st}'

I have discovered that the header x509.h obfuscates the type 'req_info',
and upon further research, I also found that this type was eliminated since
v1.1.0 of OpenSSL.

Does anyone know of an alternative to accessing the 'req_info' element, or
another way I can access the info I need to sign?

Thanks for your help.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the openssl-users mailing list