Questions about legacy apps/req.c code

Philip Prindeville philipp_subx at redfish-solutions.com
Wed Dec 22 04:24:14 UTC 2021


Hi,

I'm trying to add a library routine (or routines) to generate a CSR and make that available to users of OpenSSL at the API level.

I'm thinking the shortest path might be to extract code from apps/req.c as we know it's correct.

My only problem (so far) is dealing with the multiple places it bifurcates based on gen_x509 (versus newreq) -- which David pointed out to me in a separate mail thread back in mid-October.

What would be the downside to having two completely different code paths for handling -x509 (and gen_x509), i.e. a self-signed certificate, versus generating a CSR?

The latter would allow me to move the CSR code into a library and have the app exercise that API.

The only downside I can see is that the self-signed certificate path might need to duplicate some of the library code.

Is that acceptable?

Thanks,

-Philip



More information about the openssl-users mailing list