PKCS#10 CSR generation and bulky crypto library - Re: Questions about legacy apps/req.c code

Jordan Brown openssl at
Wed Dec 22 21:18:06 UTC 2021

On 12/22/2021 11:45 AM, David von Oheimb wrote:
> Yet beware that a general-purpose library function that has (at least)
> the flexibility offered by that app would need a non-trivial set of
> parameters.

I suspect that it would end up looking a lot like the existing API. 
There might be a few shortcuts possible, but fundamentally you need to
set a significant (and variable) number of parameters.  The
straightforward way to do that is with a "create object" function and
"set parameter into object" functions - and some of those parameters
themselves need a similar set of functions.

The existing API isn't bad, once you figure out how to use it.  It's
been several years since I wrote a CSR generator and so I don't remember
how I figured it out, but I think I might have had to look at req.c
rather than finding documentation.

Jordan Brown, Oracle ZFS Storage Appliance, Oracle Solaris
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the openssl-users mailing list