Hi, I'm trying to add a library routine (or routines) to generate a CSR and make that available to users of Openssl at the API level. I'm thinking the shortest path might be to extract code from apps/req.c as we know it's correct. My only problem (so far) is dealing with the multiple places it bifurcates based on gen_x509 (versus newreq) -- which David pointed out to me in a separate mail thread back in mid-October. What would be the downside to having two completely different code paths for handling -x509 (and gen_x509) i.e. a self-signed certificate versus generating a CSR? The latter would allow me to move the CSR code into a library and have the app exercise that API. The only downside I can see is that the self-signed certificate path might need to duplicate some of the library code. Is that acceptable? Thanks, -Philip
