On 18 Mar 2019, at 18:49, Viktor Dukhovni <openssl-users@xxxxxxxxxxxx> wrote:

> A mandatory part of the CSR is missing. It is malformed.

Some further digging shows the CSR is indeed malformed. The old openssl code created a CSR like this:

    507:d=2 hl=2 l= 1 prim: OBJECT :itu-t

while the new openssl code produces a CSR like this:

    508:d=2 hl=2 l= 0 prim: OBJECT :BAD OBJECT

It looks like X509_REQ_new() in older versions of openssl created an object with an empty signature, while the new code produces a bad signature.

> Since you don't have a CSR, the fix is to not attempt to encode the data
> as a CSR. It sounds like what you have is a CRI (that is a
> CertificationRequestInfo structure) so you'll need to encode that instead.
>
> https://tools.ietf.org/html/rfc2986#section-4
>
> The relevant codec functions are: i2d_X509_REQ_INFO and d2i_X509_REQ_INFO.
>
> A CSR is:
>
>     CertificationRequest ::= SEQUENCE {
>         certificationRequestInfo CertificationRequestInfo,
>         signatureAlgorithm       AlgorithmIdentifier{{ SignatureAlgorithms }},
>         signature                BIT STRING
>     }
>
> which encapsulates the CRI in a larger signed structure, adding precisely
> the bits you're missing.

This makes sense. However, there don't appear to be any APIs in openssl that allow you to manipulate an X509_REQ_INFO structure. I can create it, and encode/decode it, but there is no X509_REQ_INFO_get_subject_name() (or friends) to populate the structure. X509_REQ_INFO itself is opaque.

> An alternative (if you must) is to create an actual CSR, with a dummy
> signature OID, and signature and then ignore the signature on the other
> side.

This looks like a workaround for now. What API call would I use to do that? The X509_REQ structure is opaque, so I can't see what options I have for setting any OIDs.

Regards,
Graham
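The two asn1parse lines quoted above differ only in the length of the signatureAlgorithm OID: one content octet (`06 01 00`, which decodes to arc 0.0, printed as `itu-t`) versus zero content octets (`06 00`, which cannot encode any arc and is therefore reported as `BAD OBJECT`). The following is an added illustration, not code from the thread or from OpenSSL: a small pure-Python DER walker that prints elements in the spirit of `openssl asn1parse` and decodes OBJECT IDENTIFIER contents per X.690, run over two constructed byte strings that model just the AlgorithmIdentifier and BIT STRING tail of a CertificationRequest. The OID name table and the `der()` builder are assumptions made for this example; the sample bytes are constructed here, not taken from the poster's CSR.

```python
"""Toy asn1parse: walk DER and explain why a zero-length OID is malformed.

Added example (not from the openssl-users thread or OpenSSL itself).
"""

# Assumed name table mirroring what `openssl asn1parse` prints for these OIDs.
OID_NAMES = {
    "0.0": "itu-t",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
}

TAG_NAMES = {0x02: "INTEGER", 0x03: "BIT STRING", 0x06: "OBJECT", 0x30: "SEQUENCE"}


def decode_oid(content: bytes) -> str:
    """Decode the contents octets of a DER OBJECT IDENTIFIER (X.690 8.19).

    The first two arcs are packed into one subidentifier (40*X + Y); every
    subidentifier is base-128 with a continuation bit in 0x80. An empty
    contents field carries no subidentifier at all, so it cannot be an OID.
    """
    if not content:
        raise ValueError("BAD OBJECT: empty OBJECT IDENTIFIER")
    if content[-1] & 0x80:
        raise ValueError("BAD OBJECT: truncated subidentifier")
    subids, value = [], 0
    for byte in content:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:
            subids.append(value)
            value = 0
    first = subids[0]
    if first < 40:
        arcs = [0, first]
    elif first < 80:
        arcs = [1, first - 40]
    else:
        arcs = [2, first - 80]
    return ".".join(str(a) for a in arcs + subids[1:])


def read_tlv(data: bytes, offset: int):
    """Return (tag, header_length, content_length) of the element at offset."""
    tag, first = data[offset], data[offset + 1]
    if first < 0x80:                      # short-form length
        return tag, 2, first
    n = first & 0x7F                      # long-form: n length octets follow
    length = int.from_bytes(data[offset + 2: offset + 2 + n], "big")
    return tag, 2 + n, length


def asn1parse(data: bytes, offset=0, end=None, depth=0, lines=None):
    """Render each element as `off:d=depth hl=.. l=.. prim|cons: NAME [:value]`."""
    lines = [] if lines is None else lines
    end = len(data) if end is None else end
    while offset < end:
        tag, hl, length = read_tlv(data, offset)
        constructed = bool(tag & 0x20)
        name = TAG_NAMES.get(tag, "TAG 0x%02x" % tag)
        desc = ""
        if tag == 0x06:
            body = data[offset + hl: offset + hl + length]
            try:
                oid = decode_oid(body)
                desc = " :" + OID_NAMES.get(oid, oid)
            except ValueError:
                desc = " :BAD OBJECT"      # same wording asn1parse uses
        kind = "cons" if constructed else "prim"
        lines.append(f"{offset:5d}:d={depth} hl={hl} l={length:4d} {kind}: {name}{desc}")
        if constructed:
            asn1parse(data, offset + hl, offset + hl + length, depth + 1, lines)
        offset += hl + length
    return lines


def der(tag: int, content: bytes) -> bytes:
    """Assumed helper: build one short-form DER element (contents < 128 bytes)."""
    return bytes([tag, len(content)]) + content


# Constructed samples modelling only SEQUENCE { AlgorithmIdentifier, BIT STRING }:
# the "old" shape carries OID 0.0 (itu-t); the "new" shape carries an empty OID.
GOOD_TRAILER = der(0x30, der(0x30, der(0x06, b"\x00")) + der(0x03, b"\x00"))
BAD_TRAILER = der(0x30, der(0x30, der(0x06, b"")) + der(0x03, b"\x00"))

if __name__ == "__main__":
    for label, blob in (("old openssl", GOOD_TRAILER), ("new openssl", BAD_TRAILER)):
        print(f"--- {label}: {blob.hex()}")
        print("\n".join(asn1parse(blob)))
```

Running the script prints the OBJECT line as `prim: OBJECT :itu-t` for the first blob and `l=   0 prim: OBJECT :BAD OBJECT` for the second, reproducing the distinction the poster observed; the same `decode_oid` also handles a real signature OID such as sha256WithRSAEncryption, so the walker can be pointed at a complete DER CSR to confirm which AlgorithmIdentifier it actually carries.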