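I am writing a simple SSL server in C using the OpenSSL library. I use an RSA private key PEM file and its certificate PEM file as input parameters. This is how I do it: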

    /* Wrap the RSA key (pkey_RSA, created earlier) in an EVP_PKEY */
    EVP_PKEY *pkey = NULL;
    pkey = EVP_PKEY_new();
    if (EVP_PKEY_set1_RSA(pkey, pkey_RSA) == 0) {
        printf("RSA_set1_key failed, error 0x%lx\n", ERR_get_error());
        const char* error_string = ERR_error_string(ERR_get_error(), NULL);
        printf("RSA_set1_key returns %s\n", error_string);
    }
    printf("An RSA key Object created with modulus and exponent params\n");
    EVP_PKEY_assign_RSA(pkey, pkey_RSA);

    /* Build an X509v3 certificate valid for one year */
    X509 *x509 = X509_new();
    X509_set_version(x509, 2);
    ASN1_INTEGER_set(X509_get_serialNumber(x509), 0);
    X509_gmtime_adj(X509_get_notBefore(x509), 0);
    X509_gmtime_adj(X509_get_notAfter(x509), (long)60*60*24*365);
    X509_set_pubkey(x509, pkey);

    /* Subject name; the issuer is set to the same name (self-signed) */
    X509_NAME *name = X509_get_subject_name(x509);
    X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC,
                               (unsigned char *)"IN", -1, -1, 0);
    X509_NAME_add_entry_by_txt(name, "O", MBSTRING_ASC,
                               (unsigned char *)"Company", -1, -1, 0);
    X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC,
                               (unsigned char *)"localhost", -1, -1, 0);
    X509_set_issuer_name(x509, name);

    /* Sign the certificate with the same key */
    if (X509_sign(x509, pkey, EVP_sha256()) == 0) {
        printf("X509_sign failed, error 0x%lx\n", ERR_get_error());
        const char* error_string = ERR_error_string(ERR_get_error(), NULL);
        printf("X509_sign returns %s\n", error_string);
    }

    /* Install the certificate and key into the SSL context (ctx) */
    SSL_CTX_use_certificate(ctx, x509);
    SSL_CTX_use_PrivateKey(ctx, pkey);
    SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);

This code seems to produce an error at X509_sign, as shown below:

    X509_sign failed, error 0x6089095
    X509_sign returns error:0D0DC006:asn1 encoding routines:ASN1_item_sign_ctx:EVP lib

I cannot understand the error and proceed. Please advise.

Thanks!
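
Added example, not part of the original post: each `ERR_get_error()` call removes the entry it returns from the error queue, so the two consecutive calls in the snippet print two different queue entries. This self-contained C decoder (the names `decode_code`, `parse_error_line` and `same_queue_entry` are made up here) splits both quoted values into library, function and reason fields using the OpenSSL 1.0.x/1.1.x bit layout and shows that they differ.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed for this example: fields of a packed OpenSSL 1.0.x/1.1.x error code. */
struct ossl1_err { unsigned lib, func, reason; };

/* Same bit layout as ERR_GET_LIB / ERR_GET_FUNC / ERR_GET_REASON in 1.x. */
static struct ossl1_err decode_code(unsigned long code)
{
    struct ossl1_err e;
    e.lib    = (unsigned)((code >> 24) & 0xffUL);
    e.func   = (unsigned)((code >> 12) & 0xfffUL);
    e.reason = (unsigned)(code & 0xfffUL);
    return e;
}

/* Extract the hex code from an ERR_error_string() line "error:XXXXXXXX:..."; 0 on success, -1 otherwise. */
static int parse_error_line(const char *line, unsigned long *code)
{
    const char *p = strstr(line, "error:");
    char *end;
    if (p == NULL) return -1;
    p += strlen("error:");
    *code = strtoul(p, &end, 16);
    return (end == p || *end != ':') ? -1 : 0;
}

/* 1 if the numeric code and the string line are the same queue entry, 0 if not, -1 if unparsable. */
static int same_queue_entry(unsigned long printed_code, const char *line)
{
    unsigned long from_line;
    if (parse_error_line(line, &from_line) != 0) return -1;
    return printed_code == from_line;
}

int main(void)
{
    /* The two values quoted in the post. */
    unsigned long first = 0x6089095UL, second;
    const char *line = "error:0D0DC006:asn1 encoding routines:ASN1_item_sign_ctx:EVP lib";
    struct ossl1_err a = decode_code(first), b;
    if (parse_error_line(line, &second) != 0) return 1;
    b = decode_code(second);
    printf("first : lib=%u func=%u reason=%u\n", a.lib, a.func, a.reason); /* lib 6 = EVP */
    printf("second: lib=%u func=%u reason=%u\n", b.lib, b.func, b.reason); /* lib 13 = ASN1 */
    printf("same queue entry: %d\n", same_queue_entry(first, line));
    return 0;
}
```

Calling `ERR_get_error()` once per entry, storing the result, and printing both the number and `ERR_error_string()` from that stored value keeps the two outputs in step.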