On 12/22/2021 1:33 PM, Philip
Prindeville wrote:
Should supporting openssl.cnf be part of the library API, or externally handled in the command-line utility where it then passes in the values extracted from that file?
I don't know how openssl.cnf factors into CSR creation with existing tools. The implementation that I did was entirely controlled by the application and did not involve openssl.cnf.
I don't have an opinion on whether there should be a convenient way to draw values from openssl.cnf into a CSR. I would certainly start with generating the CSR entirely from API calls, since that's the more general case.
-- Jordan Brown, Oracle ZFS Storage Appliance, Oracle Solaris
