Mark E. Schoneman wrote:
>
> Hopefully a quick question. I have a certificate request the when printed
> out has
> "Requested Extensions". How can I add these to the final certificate? Any
> pointers would help.
>
> Mark S.
You need to write your own code to do this.
It would have been possible to add an option to 'x509' and 'ca' to just
copy extensions across.
However at a minimum the extensions need to be displayed before someone
confirms they want to sign a request (something 'ca' doesn't do)
Without this it might allow someone to end up getting a CA certificate
from an appropriately formatted request I decided not to do this until
some kind "request extension policy" was implemented.
Anyway what you need to do is to get a STACK_OF(X509_EXTENSION) from the
request and then add them to the certificate. Check out the source of
the X509_REQ_print() function for example.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
