CSR generation code breaks after upgrading OpenSSL

Time: 2019-05-20 08:32:18

Tags: c openssl upgrade signing csr

Our existing code for generating a CSR is as follows:

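#include <openssl/bio.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/rsa.h>
#include <openssl/x509.h>

void create_csr()
{
    // Generate an RSA key pair and wrap it in an EVP_PKEY
    EVP_PKEY * pk = EVP_PKEY_new();
    RSA * rsa = RSA_generate_key(RSA_SIZE, RSA_F4, NULL, NULL);
    EVP_PKEY_set1_RSA(pk, rsa);
    // Create the request and attach the public key
    X509_REQ * x = X509_REQ_new();
    X509_REQ_set_pubkey(x, pk);
    // Serialize the request to PEM in a memory BIO and write it out
    BIO * outBio = BIO_new(BIO_s_mem());
    PEM_write_bio_X509_REQ(outBio, x);
    char * buf;
    size_t bufLen = BIO_get_mem_data(outBio, &buf);
    WriteToFile(buf, bufLen, "cert_req.csr"); // <== File IO details inside
    // Release everything allocated above
    BIO_free(outBio);
    X509_REQ_free(x);
    RSA_free(rsa);
    EVP_PKEY_free(pk);
}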

Running # openssl asn1parse -in cert_req.csr

With OpenSSL 1.0.1e-fips 11 Feb 2013

    0:d=0  hl=4 l= 312 cons: SEQUENCE          
    4:d=1  hl=4 l= 300 cons: SEQUENCE          
    8:d=2  hl=2 l=   0 prim: INTEGER           :00
   10:d=2  hl=2 l=   0 cons: SEQUENCE          
   12:d=2  hl=4 l= 290 cons: SEQUENCE          
   16:d=3  hl=2 l=  13 cons: SEQUENCE          
   18:d=4  hl=2 l=   9 prim: OBJECT            :rsaEncryption
   29:d=4  hl=2 l=   0 prim: NULL              
   31:d=3  hl=4 l= 271 prim: BIT STRING        
  306:d=2  hl=2 l=   0 cons: cont [ 0 ]        
  308:d=1  hl=2 l=   3 cons: SEQUENCE          
  310:d=2  hl=2 l=   1 prim: OBJECT            :itu-t
  313:d=1  hl=2 l=   1 prim: BIT STRING        

With OpenSSL 1.1.1b 26 Feb 2019

    0:d=0  hl=4 l= 310 cons: SEQUENCE          
    4:d=1  hl=4 l= 301 cons: SEQUENCE          
    8:d=2  hl=2 l=   1 prim: INTEGER           :00
   11:d=2  hl=2 l=   0 cons: SEQUENCE          
   13:d=2  hl=4 l= 290 cons: SEQUENCE          
   17:d=3  hl=2 l=  13 cons: SEQUENCE          
   19:d=4  hl=2 l=   9 prim: OBJECT            :rsaEncryption
   30:d=4  hl=2 l=   0 prim: NULL              
   32:d=3  hl=4 l= 271 prim: BIT STRING        
  307:d=2  hl=2 l=   0 cons: cont [ 0 ]        
  309:d=1  hl=2 l=   0 cons: SEQUENCE          
  311:d=1  hl=2 l=   1 prim: BIT STRING        

It seems that in OpenSSL 1.1.1b 26 Feb 2019 the prim: OBJECT :itu-t field is omitted.

Trying to read a CSR generated by OpenSSL 1.1.1b 26 Feb 2019 with the OpenSSL 1.0.1e-fips 11 Feb 2013 shell command fails, as shown below:

# openssl req -in cert_req.csr -pubkey -noout -outform pem 
unable to load X509 request
140324106245960:error:0D078079:asn1 encoding routines:ASN1_ITEM_EX_D2I:field missing:tasn_dec.c:526:Field=algorithm, Type=X509_ALGOR
140324106245960:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:777:Field=sig_alg, Type=X509_REQ
140324106245960:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_oth.c:83:

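The server based on OpenSSL 1.0.1e-fips 11 Feb 2013 cannot parse the CSR and generate a certificate.

Follow-up question: Is there a way to make OpenSSL 1.1.1b 26 Feb 2019 use itu-t as the signature algorithm and insert the prim: OBJECT :itu-t field and value into the ASN.1 encoding when generating the CSR? How?

Thanks a lot!

0 answers:

No answers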
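Both dumps in the question end with the two outer fields that RFC 2986 calls signatureAlgorithm and signature, and in both the signature BIT STRING has length 1, which is what a request looks like when nothing has signed it. The C check below is an added example, not code from the original post: it walks a DER-encoded request and reports whether those two fields were filled in. The names `tlv` and `csr_is_signed` and the three byte arrays are constructed for illustration, with the CertificationRequestInfo cut down to a stub.

```c
#include <stddef.h>
#include <stdio.h>

/* Parse one DER TLV at p; return pointer past it, or NULL if truncated/malformed. */
static const unsigned char *tlv(const unsigned char *p, const unsigned char *end,
                                int *tag, const unsigned char **val, size_t *len)
{
    if (end - p < 2) return NULL;
    *tag = *p++;
    size_t n = *p++;
    if (n & 0x80) {                       /* long form: low 7 bits = count of length bytes */
        size_t k = n & 0x7f;
        if (k == 0 || k > sizeof n || (size_t)(end - p) < k) return NULL;
        for (n = 0; k > 0; k--) n = (n << 8) | *p++;
    }
    if ((size_t)(end - p) < n) return NULL;
    *val = p; *len = n;
    return p + n;
}

/* Returns 1 = signed, 0 = unsigned (empty or placeholder fields), -1 = not a CSR. */
int csr_is_signed(const unsigned char *der, size_t der_len)
{
    const unsigned char *p, *end, *alg, *v; size_t alg_len, l; int tag;
    if (!tlv(der, der + der_len, &tag, &p, &l) || tag != 0x30) return -1;
    end = p + l;
    /* RFC 2986: SEQUENCE { certificationRequestInfo, signatureAlgorithm, signature } */
    if (!(p = tlv(p, end, &tag, &v, &l)) || tag != 0x30) return -1;
    if (!(p = tlv(p, end, &tag, &alg, &alg_len)) || tag != 0x30) return -1;
    if (!(p = tlv(p, end, &tag, &v, &l)) || tag != 0x03 || l < 1) return -1;
    if (l == 1) return 0;                 /* BIT STRING holds only its unused-bits byte */
    /* Empty SEQUENCE (1.1.1b dump) or a 1-byte OID (the itu-t of the 1.0.1e dump) */
    if (!tlv(alg, alg + alg_len, &tag, &v, &l) || tag != 0x06 || l <= 1) return 0;
    return 1;
}

/* Constructed samples: CertificationRequestInfo cut down to SEQUENCE { INTEGER 0 }. */
static const unsigned char NEW_UNSIGNED[] = {0x30,0x0A, 0x30,0x03,0x02,0x01,0x00, 0x30,0x00, 0x03,0x01,0x00};
static const unsigned char OLD_UNSIGNED[] = {0x30,0x0D, 0x30,0x03,0x02,0x01,0x00, 0x30,0x03,0x06,0x01,0x00, 0x03,0x01,0x00};
static const unsigned char SIGNED_SHAPE[] = {0x30,0x1B, 0x30,0x03,0x02,0x01,0x00,
    0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,0x05,0x00, /* sha256WithRSAEncryption */
    0x03,0x05,0x00,0xDE,0xAD,0xBE,0xEF};                                        /* dummy signature bits */

int main(void)
{
    printf("%d %d %d\n", csr_is_signed(NEW_UNSIGNED, sizeof NEW_UNSIGNED),
           csr_is_signed(OLD_UNSIGNED, sizeof OLD_UNSIGNED), csr_is_signed(SIGNED_SHAPE, sizeof SIGNED_SHAPE));
    return 0;
}
```

A request that has been passed through `X509_REQ_sign(x, pk, EVP_sha256())` before `PEM_write_bio_X509_REQ()` carries both fields and returns 1 from this check.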