> I'm writing a client/server application, using C++, the
> server follows a multithread model, and I want to generate
> new certificates for each new client that connects with my
> server.
Your code is building a certificate request when what it needs is a
certificate. Here's some rough code that will generate a self-signed
certificate that is valid from yesterday until a year from yesterday:

#include <openssl/asn1.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/x509.h>

X509 *BuildCertificate(const char *dn, EVP_PKEY *key)
{
    /* Create an X509_NAME structure to hold the distinguished name */
    X509_NAME *n = X509_NAME_new();
    int nid = OBJ_txt2nid("CN");
    /* MBSTRING_ASC (0x1001): dn is ASCII; length -1 = use strlen; loc -1 = append */
    X509_NAME_add_entry_by_NID(n, nid, MBSTRING_ASC,
                               (const unsigned char *) dn, -1, -1, 0);
    X509 *c = X509_new();
    /* Set subject and issuer names to the X509_NAME we made */
    X509_set_issuer_name(c, n);
    X509_set_subject_name(c, n);
    X509_NAME_free(n);
    /* Set serial number to zero */
    ASN1_INTEGER_set(X509_get_serialNumber(c), 0);
    /* Set the valid/expiration times (offsets are relative to the current time) */
    ASN1_UTCTIME *s = ASN1_UTCTIME_new();
    X509_gmtime_adj(s, -60*60*24);
    X509_set_notBefore(c, s);
    X509_gmtime_adj(s, 60*60*24*364);
    X509_set_notAfter(c, s);
    ASN1_UTCTIME_free(s);
    /* Set the public key */
    X509_set_pubkey(c, key);
    /* Self-sign it */
    X509_sign(c, key, EVP_sha1());
    return c;
}

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List