Our existing code for generating a CSR is as follows:
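#include <openssl/bio.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/rsa.h>
#include <openssl/x509.h>

void create_csr()
{
    /* Generate an RSA key pair and wrap it in an EVP_PKEY */
    EVP_PKEY * pk = EVP_PKEY_new();
    RSA * rsa = RSA_generate_key(RSA_SIZE, RSA_F4, NULL, NULL);
    EVP_PKEY_set1_RSA(pk, rsa);

    /* Create the request and attach the public key */
    X509_REQ * x = X509_REQ_new();
    X509_REQ_set_pubkey(x, pk);

    /* Serialize the request as PEM into a memory BIO (the request is not signed before this point) */
    BIO * outBio = BIO_new(BIO_s_mem());
    PEM_write_bio_X509_REQ(outBio, x);
    char * buf;
    size_t bufLen = BIO_get_mem_data(outBio, &buf);
    WriteToFile(buf, bufLen, "cert_req.csr"); // <== File IO details inside
}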
Running # openssl asn1parse -in cert_req.csr
With OpenSSL 1.0.1e-fips 11 Feb 2013:
0:d=0 hl=4 l= 312 cons: SEQUENCE
4:d=1 hl=4 l= 300 cons: SEQUENCE
8:d=2 hl=2 l= 0 prim: INTEGER :00
10:d=2 hl=2 l= 0 cons: SEQUENCE
12:d=2 hl=4 l= 290 cons: SEQUENCE
16:d=3 hl=2 l= 13 cons: SEQUENCE
18:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption
29:d=4 hl=2 l= 0 prim: NULL
31:d=3 hl=4 l= 271 prim: BIT STRING
306:d=2 hl=2 l= 0 cons: cont [ 0 ]
308:d=1 hl=2 l= 3 cons: SEQUENCE
310:d=2 hl=2 l= 1 prim: OBJECT :itu-t
313:d=1 hl=2 l= 1 prim: BIT STRING
With OpenSSL 1.1.1b 26 Feb 2019:
0:d=0 hl=4 l= 310 cons: SEQUENCE
4:d=1 hl=4 l= 301 cons: SEQUENCE
8:d=2 hl=2 l= 1 prim: INTEGER :00
11:d=2 hl=2 l= 0 cons: SEQUENCE
13:d=2 hl=4 l= 290 cons: SEQUENCE
17:d=3 hl=2 l= 13 cons: SEQUENCE
19:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption
30:d=4 hl=2 l= 0 prim: NULL
32:d=3 hl=4 l= 271 prim: BIT STRING
307:d=2 hl=2 l= 0 cons: cont [ 0 ]
309:d=1 hl=2 l= 0 cons: SEQUENCE
311:d=1 hl=2 l= 1 prim: BIT STRING
It seems that in OpenSSL 1.1.1b 26 Feb 2019 the prim: OBJECT :itu-t field is omitted.
Trying to read the CSR generated by OpenSSL 1.1.1b 26 Feb 2019 with the OpenSSL 1.0.1e-fips 11 Feb 2013 shell command fails, as shown below:
# openssl req -in cert_req.csr -pubkey -noout -outform pem
unable to load X509 request
140324106245960:error:0D078079:asn1 encoding routines:ASN1_ITEM_EX_D2I:field missing:tasn_dec.c:526:Field=algorithm, Type=X509_ALGOR
140324106245960:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:777:Field=sig_alg, Type=X509_REQ
140324106245960:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_oth.c:83:
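The server, which is based on OpenSSL 1.0.1e-fips 11 Feb 2013, cannot parse the CSR and generate a certificate.
Follow-up question: is there a way to make OpenSSL 1.1.1b 26 Feb 2019 use itu-t as the signature algorithm and insert the prim: OBJECT :itu-t field and value into the ASN.1 encoding when generating the CSR? How?
Thanks a lot!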
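The two asn1parse dumps above differ only in the last two elements of the outer SEQUENCE, the signatureAlgorithm and the signature BIT STRING, and both end in a 1-byte BIT STRING (an empty signature), which is consistent with create_csr() never calling X509_REQ_sign(). As an added example (not part of the original post), here is a small Python DER walker that checks those two fields of a DER-encoded PKCS#10 request. The sample byte strings are constructed to mirror the tails of the two dumps, using a stand-in request-info body and assuming the one-byte OBJECT printed as itu-t is 0x00.

```python
def read_tlv(buf, pos):
    """Return (tag, content_start, content_end) of the DER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def children(buf, start, end):
    """List (tag, start, end) for each element inside a constructed value."""
    out = []
    while start < end:
        tag, s, e = read_tlv(buf, start)
        out.append((tag, s, e))
        start = e
    return out

def csr_signature_status(der_bytes):
    """Check the outer PKCS#10 SEQUENCE: info, signatureAlgorithm, signature."""
    tag, s, e = read_tlv(der_bytes, 0)
    parts = children(der_bytes, s, e)
    if tag != 0x30 or [p[0] for p in parts] != [0x30, 0x30, 0x03]:
        raise ValueError("not a CertificationRequest")
    alg = children(der_bytes, parts[1][1], parts[1][2])
    has_oid = bool(alg) and alg[0][0] == 0x06          # algorithm OBJECT present?
    sig_len = max(parts[2][2] - parts[2][1] - 1, 0)    # minus the unused-bits byte
    return {"alg_oid_present": has_oid, "signature_bytes": sig_len,
            "signed": has_oid and sig_len > 0}

def der(tag, body=b""):
    """Encode one DER element (only used to build the constructed samples)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | size]) + n.to_bytes(size, "big") + body

# Constructed samples, not real CSRs: INFO stands in for certificationRequestInfo.
INFO = der(0x30, der(0x02, b"\x00"))
OLD_101E = der(0x30, INFO + der(0x30, der(0x06, b"\x00")) + der(0x03, b"\x00"))
NEW_111B = der(0x30, INFO + der(0x30) + der(0x03, b"\x00"))
SHA256_RSA = bytes.fromhex("2a864886f70d01010b")       # OID 1.2.840.113549.1.1.11
SIGNED = der(0x30, INFO + der(0x30, der(0x06, SHA256_RSA) + der(0x05))
             + der(0x03, b"\x00" + b"\xaa" * 256))     # dummy 256-byte signature
```

To run the check on a real request, first convert it to DER, for example with openssl req -in cert_req.csr -outform DER.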