PKCS#10 CSR generation and bulky crypto library - Re: Questions about legacy apps/req.c code

Jordan Brown openssl at
Thu Dec 23 01:14:54 UTC 2021

On 12/22/2021 1:33 PM, Philip Prindeville wrote:
> Should supporting openssl.cnf be part of the library API, or
> externally handled in the command-line utility where it then passes in
> the values extracted from that file? 

I don't know how openssl.cnf factors into CSR creation with existing
tools.  The implementation that I did was entirely controlled by the
application and did not involve openssl.cnf.

I don't have an opinion on whether there should be a convenient way to
draw values from openssl.cnf into a CSR.  I would certainly start with
generating the CSR entirely from API calls, since that's the more
general case.

Jordan Brown, Oracle ZFS Storage Appliance, Oracle Solaris
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the openssl-users mailing list