Julio Sánchez Fernández wrote:
>
> If I do openssl x509 -x509toreq, I need a private key. However,
> function X509_to_X509_REQ allows the pkey argument to be NULL.
>
> Why do I need this? Can I just modify x509.c not to insist in
> finding the private key?
>
The private key is needed to sign the certificate request.
If the private key is absent then the signature on the certificate
request will be invalid. Some software might tolerate an invalid
signature on a certificate request: but they shouldn't.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
