如何在c ++中更改现有证书签名请求(CSR)的“版本”字段

时间:2015-01-22 17:14:01

标签: c++ openssl

我在一个项目中工作,我收到PEM格式的.csr文件,我需要更改Version字段并将更改的csr保存为PEM格式的新.csr文件。我用c ++编写了以下代码:

bool changeCSR_Version()
{
    bool ret = false;
    X509_REQ *req_rd = NULL;
    X509_REQ *tmp_req = NULL;

// read the template SCR-file as PEM-encoded
FILE *pOld_SCR = fopen("C:\\temp\\old.csr", "rb");
if (pOld_SCR != NULL)
{
    req_rd = PEM_read_X509_REQ(pOld_SCR, NULL, NULL, NULL);
    fclose(pOld_SCR);

    tmp_req = X509_REQ_dup(req_rd);

    if (tmp_req != NULL)
    {
        //show content of the old csr 
        X509_REQ_print_fp(stdout, tmp_req);

        //change version
        X509_REQ_INFO *ri;
        ri = tmp_req->req_info;
        ri->version->length = 1;
        ri->version->data = (unsigned char *)OPENSSL_malloc(1);
        if (ri->version->data == NULL) goto free_all;
        ri->version->data[0] = 2; /* version == 0 */
        //show content of the new csr 
        X509_REQ_print_fp(stdout, tmp_req);

        //save the new csr in a new file
        FILE *pNew_SCR = fopen("C:\\temp\\new.csr", "wb");
        if (pNew_SCR != NULL)
        {
            PEM_write_X509_REQ(pNew_SCR, tmp_req);
            fclose(pNew_SCR);
        }
    }
    //fclose(pOld_SCR);
}


free_all:
    // free all the stuff ....
    X509_REQ_free(tmp_req);

    return ret;

}

在考虑控制台输出时似乎工作正常!看第一个截图! 但是新创建的文件new.csr总是包含version = 0 !! ?? 看第二个截图! 任何想法如何解决错误?!

主要我想了解为什么控制台输出与新创建的csr文件不同!?代码中的Bug在哪里? THX

控制台输出:

Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject:
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Modulus:
                    00:56:87:a4:be:cb:11:5d:ae:d4:cd:d7:a8:b6:ba:
                    4e:ea:0a:c9:52:bf:6c:99:f2:8e:d9:6f:5c:6e:2f:
                    72:64:53:8b:0d:93:65:d5:2e:a0:9f:7c:b1:3a:2e:
                    a5:a6:b0:ef:b5:84:7d:1f:96:0c:7c:d6:0f:2f:6d:
                    e1:b4:21:46:21:7f:b5:52:e0:58:04:9e:65:2e:42:
                    e4:80:f3:b6:2f:50:95:de:aa:b3:6a:8f:53:bf:bf:
                    5e:49:d2:37:72:d1:de:a5:7e:39:35:91:8d:b4:81:
                    31:7e:50:35:e5:7b:61:bb:da:b3:48:5c:58:50:f0:
                    02:62:fc:cd:19:e8:83:52:b7
                Exponent: 65537 (0x10001)
        Attributes:
        Requested Extensions:
            X509v3 Key Usage:
                Digital Signature, Key Agreement, Certificate Sig
    Signature Algorithm: sha1WithRSAEncryption
         11:23:f1:86:76:c0:d1:8c:0c:a9:6d:f3:c1:f1:5f:d9:f0:e3:
         51:14:26:95:ae:11:3b:66:86:39:f3:f3:b0:c4:2c:75:3d:e5:
         58:2e:20:8f:32:b7:42:27:0a:91:4e:df:3b:33:03:e7:bb:05:
         c5:8c:74:c5:51:00:8e:de:7f:5b:2f:0a:2f:1e:a5:85:92:e7:
         1d:fe:2f:50:2a:6c:5a:6d:8b:70:07:3c:31:6e:6a:73:02:5c:
         d2:80:d4:70:e6:af:ad:a9:bb:25:44:e2:e6:45:3b:98:ce:2c:
         aa:35:15:a5:a1:5b:30:68:fd:48:df:e6:a7:b2:d2:d1:70:68:
         6c:20
Certificate Request:
    Data:
        Version: 2 (0x2)
        Subject:
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Modulus:
                    00:56:87:a4:be:cb:11:5d:ae:d4:cd:d7:a8:b6:ba:
                    4e:ea:0a:c9:52:bf:6c:99:f2:8e:d9:6f:5c:6e:2f:
                    72:64:53:8b:0d:93:65:d5:2e:a0:9f:7c:b1:3a:2e:
                    a5:a6:b0:ef:b5:84:7d:1f:96:0c:7c:d6:0f:2f:6d:
                    e1:b4:21:46:21:7f:b5:52:e0:58:04:9e:65:2e:42:
                    e4:80:f3:b6:2f:50:95:de:aa:b3:6a:8f:53:bf:bf:
                    5e:49:d2:37:72:d1:de:a5:7e:39:35:91:8d:b4:81:
                    31:7e:50:35:e5:7b:61:bb:da:b3:48:5c:58:50:f0:
                    02:62:fc:cd:19:e8:83:52:b7
                Exponent: 65537 (0x10001)
        Attributes:
        Requested Extensions:
            X509v3 Key Usage:
                Digital Signature, Key Agreement, Certificate Sig
    Signature Algorithm: sha1WithRSAEncryption
         11:23:f1:86:76:c0:d1:8c:0c:a9:6d:f3:c1:f1:5f:d9:f0:e3:
         51:14:26:95:ae:11:3b:66:86:39:f3:f3:b0:c4:2c:75:3d:e5:
         58:2e:20:8f:32:b7:42:27:0a:91:4e:df:3b:33:03:e7:bb:05:
         c5:8c:74:c5:51:00:8e:de:7f:5b:2f:0a:2f:1e:a5:85:92:e7:
         1d:fe:2f:50:2a:6c:5a:6d:8b:70:07:3c:31:6e:6a:73:02:5c:
         d2:80:d4:70:e6:af:ad:a9:bb:25:44:e2:e6:45:3b:98:ce:2c:
         aa:35:15:a5:a1:5b:30:68:fd:48:df:e6:a7:b2:d2:d1:70:68:
         6c:20

并通过openssl cmd读取新的new.csr文件:

c:\temp>
c:\temp>openssl req -in old.csr -noout -text
Certificate Request:
    Data:
        **Version: 0 (0x0)**
        Subject:
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:56:87:a4:be:cb:11:5d:ae:d4:cd:d7:a8:b6:b
                    4e:ea:0a:c9:52:bf:6c:99:f2:8e:d9:6f:5c:6e:2
                    72:64:53:8b:0d:93:65:d5:2e:a0:9f:7c:b1:3a:2
                    a5:a6:b0:ef:b5:84:7d:1f:96:0c:7c:d6:0f:2f:6
                    e1:b4:21:46:21:7f:b5:52:e0:58:04:9e:65:2e:4
                    e4:80:f3:b6:2f:50:95:de:aa:b3:6a:8f:53:bf:b
                    5e:49:d2:37:72:d1:de:a5:7e:39:35:91:8d:b4:8
                    31:7e:50:35:e5:7b:61:bb:da:b3:48:5c:58:50:f
                    02:62:fc:cd:19:e8:83:52:b7
                Exponent: 65537 (0x10001)
        Attributes:
        Requested Extensions:
            X509v3 Key Usage:
                Digital Signature, Key Agreement, Certificate S
    Signature Algorithm: sha1WithRSAEncryption
        11:23:f1:86:76:c0:d1:8c:0c:a9:6d:f3:c1:f1:5f:d9:f0:e3:
        51:14:26:95:ae:11:3b:66:86:39:f3:f3:b0:c4:2c:75:3d:e5:
        58:2e:20:8f:32:b7:42:27:0a:91:4e:df:3b:33:03:e7:bb:05:
        c5:8c:74:c5:51:00:8e:de:7f:5b:2f:0a:2f:1e:a5:85:92:e7:
        1d:fe:2f:50:2a:6c:5a:6d:8b:70:07:3c:31:6e:6a:73:02:5c:
        d2:80:d4:70:e6:af:ad:a9:bb:25:44:e2:e6:45:3b:98:ce:2c:
        aa:35:15:a5:a1:5b:30:68:fd:48:df:e6:a7:b2:d2:d1:70:68:
        6c:20

c:\temp>openssl req -in new.csr -noout -text
Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject:
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:56:87:a4:be:cb:11:5d:ae:d4:cd:d7:a8:b6:b
                    4e:ea:0a:c9:52:bf:6c:99:f2:8e:d9:6f:5c:6e:2
                    72:64:53:8b:0d:93:65:d5:2e:a0:9f:7c:b1:3a:2
                    a5:a6:b0:ef:b5:84:7d:1f:96:0c:7c:d6:0f:2f:6
                    e1:b4:21:46:21:7f:b5:52:e0:58:04:9e:65:2e:4
                    e4:80:f3:b6:2f:50:95:de:aa:b3:6a:8f:53:bf:b
                    5e:49:d2:37:72:d1:de:a5:7e:39:35:91:8d:b4:8
                    31:7e:50:35:e5:7b:61:bb:da:b3:48:5c:58:50:f
                    02:62:fc:cd:19:e8:83:52:b7
                Exponent: 65537 (0x10001)
        Attributes:
        Requested Extensions:
            X509v3 Key Usage:
                Digital Signature, Key Agreement, Certificate S
    Signature Algorithm: sha1WithRSAEncryption
        11:23:f1:86:76:c0:d1:8c:0c:a9:6d:f3:c1:f1:5f:d9:f0:e3:
        51:14:26:95:ae:11:3b:66:86:39:f3:f3:b0:c4:2c:75:3d:e5:
        58:2e:20:8f:32:b7:42:27:0a:91:4e:df:3b:33:03:e7:bb:05:
        c5:8c:74:c5:51:00:8e:de:7f:5b:2f:0a:2f:1e:a5:85:92:e7:
        1d:fe:2f:50:2a:6c:5a:6d:8b:70:07:3c:31:6e:6a:73:02:5c:
        d2:80:d4:70:e6:af:ad:a9:bb:25:44:e2:e6:45:3b:98:ce:2c:
        aa:35:15:a5:a1:5b:30:68:fd:48:df:e6:a7:b2:d2:d1:70:68:
        6c:20

c:\temp>

1 个答案:

答案 0 :(得分:0)

我看到您修改了X509_REQ_INFO *的变量 ri 中的文件版本...

ri->version->data[0] = 2;

然而,用于将修改后的数据写入new.csr的结构不是 ri ,而是类型为X509_REQ的变量 tmp_req * ...

PEM_write_X509_REQ(pNew_SCR, tmp_req);