PKCS#10 CSR generation and bulky crypto library - Re: Questions about legacy apps/req.c code

Michael Richardson mcr at
Thu Dec 23 18:04:03 UTC 2021

A problem that I have with apps/req.c is that it is hardly a good reference
for how to use the API calls.

I think, ideally, that all of openssl.cnf should be entirely an artifact of
the apps, but there are (still, I think) things that can only by constructing
some openssl.cnf configuration and sending that down.  Many of those calls
are not documented, but many wrappers (ruby's openssl for instance) continue
to use.

I posted a notion a few years ago that the apps/* should be split off into a
new repo, should use only documented API calls, and should evolve separately
from the core libssl.  This is a documentation and d06f00d'ing exercise.

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: not available
URL: <>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 487 bytes
Desc: not available
URL: <>

More information about the openssl-users mailing list