On 8/6/2021 1:11 PM, Ken Goldman wrote:
I have an application where I have to create a partial x509 certificate. It gets sent to an HSM, which fills in the public key and signs it. I was calling X509_new X509_set_version X509_set_issuer_name X509_get_notBefore X509_get_notAfter X509_set_subject_name X509_EXTENSION_create_by_OBJ and then i2d_x509 to send the serialized partial certificate to the HSM. This worked in 1.0.1, 1.0.2, 1.1.1, but fails in 3.0.0. In debugging, even this fails. X509_new i2d_x509 Suggestions?
Following up, I found that just omitting the signature from the X509 structure causes i2d_x509 to fail. I tried i2d_re_X509_tbs(), but it also failed.
