On 18 Mar 2019, at 22:02, Dave Coombs <dcoombs@xxxxxxxxxxx> wrote: >> This makes sense - however there don’t appear to be any APIs in openssl that allow you to manipulate a X509_REQ_INFO structure. I can create it, and encode/decode it, but there is no X509_REQ_INFO_get_subject_name() (or friends) to populate the structure. X509_REQ_INFO itself is opaque. > > I believe you said you're using 1.0.2, right? The structures aren't opaque there. You can make your X509_REQ and populate its name etc as you already are, and then i2d_X509_REQ_INFO its req_info member. > > (Even in the 1.1 API, where they are opaque, i2d_re_X509_REQ_tbs will encode a given X509_REQ's X509_REQ_INFO for you.) How would I decode the X509_REQ_INFO structure on the other side, turning it back into X509_REQ? While I can see a d2i_X509_REQ_INFO() function, I can’t find a corresponding function in openssl 1.1.0+ that assigns this to a X509_REQ, unless I am missing it? By way of concrete example, having crossed the module boundary we need to pull out details from the X509_REQ_INFO, which can only be done if this structure has been assigned to a X509_REQ first: https://source.redwax.eu/projects/RS/repos/mod_ca/browse/mod_ca_ldap.c#368 Regards, Graham —
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
