> To change the CSR require to parse it first, then form the new CSR with
> mentioned function.
> I want after parsing the CSR get the associative massive and than pass this
> massive to function that constructing new CSR.
> The format of argument-extensions must be corresponding in this two
> functions.
> How way can I archieve this?
> Thank you for help.
Write a little program that uses the libcrypto etc and that outputs
the data in the form you need may be an option.
If you like to parse some information in xml like the following, I
can give you a hint. An example of a csr (without extensions) but
the corresponding certs has them.
<X509_REQ>
<req_info type="X509_REQ_INFO">
<version type="ASN1_INTEGER">0</version>
<subject>
<RelativeDistinguishedName type="ASN1_SET">
<X509_NAME_ENTRY>
<object type="ASN1_OBJECT">(countryName)2.5.4.6</object>
<value type="PRINTABLESTRING">FR</value>
</X509_NAME_ENTRY>
</RelativeDistinguishedName>
<RelativeDistinguishedName type="ASN1_SET">
<X509_NAME_ENTRY>
<object type="ASN1_OBJECT">(organizationName)2.5.4.10</object>
<value type="UTF8STRING">EdelWeb</value>
</X509_NAME_ENTRY>
</RelativeDistinguishedName>
<RelativeDistinguishedName type="ASN1_SET">
<X509_NAME_ENTRY>
<object type="ASN1_OBJECT">(organizationalUnitName)2.5.4.11</object>
<value type="UTF8STRING">Service EdelPKI</value>
</X509_NAME_ENTRY>
</RelativeDistinguishedName>
<RelativeDistinguishedName type="ASN1_SET">
<X509_NAME_ENTRY>
<object type="ASN1_OBJECT">(commonName)2.5.4.3</object>
<value type="UTF8STRING">Peter SYLVESTER <[EMAIL PROTECTED]></value>
</X509_NAME_ENTRY>
</RelativeDistinguishedName>
</subject>
<pubkey type="X509_PUBKEY">
<algor type="X509_ALGOR">
<algorithm
type="ASN1_OBJECT">(rsaEncryption)1.2.840.113549.1.1.1</algorithm>
<parameter type="NULL" />
</algor>
<public_key
type="ASN1_BIT_STRING">30:81:98:02:81:90:06:85:6a:e4:f6:2e:11:73:b1:5d:4d:e1:6e:6e:af:ba:21:c1:46:9b:c4:fa:26:02:e1:b1:53:a6:dc:18:d6:b9:b6:c2:ec:0a:50:ae:ca:c0:ad:f2:0f:dd:24:ea:fa:9d:61:01:9d:0e:b5:01:9f:24:b1:c1:64:e3:d5:3a:24:fd:f2:84:66:c4:d7:ae:3a:75:57:fc:92:cb:30:14:87:06:53:1a:ee:ff:78:a6:62:fc:27:03:09:a4:66:6d:9d:91:be:ac:bc:23:44:f6:21:3a:36:9b:9f:3f:41:86:10:9b:06:76:b5:93:c1:31:8e:32:eb:0f:1e:ae:1d:05:0b:00:ed:2a:e9:d7:92:31:73:37:e8:cd:76:5d:8c:ac:59:4f:02:03:01:00:01</public_key>
</pubkey>
<attributes>
</attributes>
</req_info>
<sig_alg type="X509_ALGOR">
<algorithm
type="ASN1_OBJECT">(sha1WithRSAEncryption)1.2.840.113549.1.1.5</algorithm>
<parameter type="NULL" />
</sig_alg>
<signature
type="ASN1_BIT_STRING">03:60:dc:91:8c:69:fb:b2:f7:1d:1c:8b:38:f0:cf:e3:65:e4:ca:84:c4:c5:5c:f8:b7:a6:e3:12:b2:ad:b8:ff:33:2d:b5:a9:46:6c:2a:cf:cd:43:a8:5e:ce:75:3e:fa:a6:8e:3a:3b:05:29:27:03:92:f5:ee:52:5d:a9:ef:1e:b4:a7:e8:a9:be:9d:48:b8:77:ed:11:71:a9:47:51:1a:bc:d0:24:96:55:7b:7d:7a:f0:11:64:5b:b1:3c:10:8f:ac:43:eb:dd:de:af:3b:5a:a5:97:5a:aa:31:9e:46:de:0b:a2:47:fb:79:c3:58:69:a7:68:56:ed:d7:08:38:77:b8:69:44:d6:5a:c3:b2:13:0b:14:35:a8:75:35:4a:d7</signature>
</X509_REQ>
Since this had no extensions, here an output of the generated cert.
<X509>
<cert_info type="X509_CINF">
<version type="ASN1_INTEGER">2</version>
<serialNumber type="ASN1_INTEGER">10971639765603</serialNumber>
<signature type="X509_ALGOR">
<algorithm
type="ASN1_OBJECT">(sha1WithRSAEncryption)1.2.840.113549.1.1.5</algorithm>
<parameter type="NULL" />
</signature>
<issuer>
<RelativeDistinguishedName type="ASN1_SET">
<X509_NAME_ENTRY>
<object type="ASN1_OBJECT">(countryName)2.5.4.6</object>
<value type="PRINTABLESTRING">FR</value>
</X509_NAME_ENTRY>
</RelativeDistinguishedName>
<RelativeDistinguishedName type="ASN1_SET">
<X509_NAME_ENTRY>
<object type="ASN1_OBJECT">(organizationName)2.5.4.10</object>
<value type="PRINTABLESTRING">EdelWeb</value>
</X509_NAME_ENTRY>
</RelativeDistinguishedName>
<RelativeDistinguishedName type="ASN1_SET">
<X509_NAME_ENTRY>
<object type="ASN1_OBJECT">(organizationalUnitName)2.5.4.11</object>
<value type="PRINTABLESTRING">Service EdelPKI</value>
</X509_NAME_ENTRY>
</RelativeDistinguishedName>
<RelativeDistinguishedName type="ASN1_SET">
<X509_NAME_ENTRY>
<object type="ASN1_OBJECT">(commonName)2.5.4.3</object>
<value type="PRINTABLESTRING">EdelPKI EdelWeb PersGEN</value>
</X509_NAME_ENTRY>
</RelativeDistinguishedName>
</issuer>
<validity type="X509_VAL">
<notBefore type="ASN1_TIME">(Oct 7 15:46:44 2004
GMT)041007154644Z</notBefore>
<notAfter type="ASN1_TIME">(Dec 16 15:46:44 2006
GMT)061216154644Z</notAfter>
</validity>
<subject>
<RelativeDistinguishedName type="ASN1_SET">
<X509_NAME_ENTRY>
<object type="ASN1_OBJECT">(countryName)2.5.4.6</object>
<value type="PRINTABLESTRING">FR</value>
</X509_NAME_ENTRY>
</RelativeDistinguishedName>
<RelativeDistinguishedName type="ASN1_SET">
<X509_NAME_ENTRY>
<object type="ASN1_OBJECT">(organizationName)2.5.4.10</object>
<value type="UTF8STRING">EdelWeb</value>
</X509_NAME_ENTRY>
</RelativeDistinguishedName>
<RelativeDistinguishedName type="ASN1_SET">
<X509_NAME_ENTRY>
<object type="ASN1_OBJECT">(organizationalUnitName)2.5.4.11</object>
<value type="UTF8STRING">Service EdelPKI</value>
</X509_NAME_ENTRY>
</RelativeDistinguishedName>
<RelativeDistinguishedName type="ASN1_SET">
<X509_NAME_ENTRY>
<object type="ASN1_OBJECT">(commonName)2.5.4.3</object>
<value type="UTF8STRING">Peter SYLVESTER <[EMAIL PROTECTED]></value>
</X509_NAME_ENTRY>
</RelativeDistinguishedName>
</subject>
<key type="X509_PUBKEY">
<algor type="X509_ALGOR">
<algorithm
type="ASN1_OBJECT">(rsaEncryption)1.2.840.113549.1.1.1</algorithm>
<parameter type="NULL" />
</algor>
<public_key
type="ASN1_BIT_STRING">30:81:98:02:81:90:06:85:6a:e4:f6:2e:11:73:b1:5d:4d:e1:6e:6e:af:ba:21:c1:46:9b:c4:fa:26:02:e1:b1:53:a6:dc:18:d6:b9:b6:c2:ec:0a:50:ae:ca:c0:ad:f2:0f:dd:24:ea:fa:9d:61:01:9d:0e:b5:01:9f:24:b1:c1:64:e3:d5:3a:24:fd:f2:84:66:c4:d7:ae:3a:75:57:fc:92:cb:30:14:87:06:53:1a:ee:ff:78:a6:62:fc:27:03:09:a4:66:6d:9d:91:be:ac:bc:23:44:f6:21:3a:36:9b:9f:3f:41:86:10:9b:06:76:b5:93:c1:31:8e:32:eb:0f:1e:ae:1d:05:0b:00:ed:2a:e9:d7:92:31:73:37:e8:cd:76:5d:8c:ac:59:4f:02:03:01:00:01</public_key>
</key>
<extensions>
<Extension type="X509_EXTENSION">
<object type="ASN1_OBJECT">(X509v3 Subject Alternative
Name)2.5.29.17</object>
<value>
<GeneralNames>
<GENERAL_NAME type="GENERAL_NAME">
<rfc822Name type="ASN1_IA5STRING">[EMAIL PROTECTED]</rfc822Name>
</GENERAL_NAME>
<GENERAL_NAME type="GENERAL_NAME">
<directoryName>
<RelativeDistinguishedName type="ASN1_SET">
<X509_NAME_ENTRY>
<object type="ASN1_OBJECT">(countryName)2.5.4.6</object>
<value type="PRINTABLESTRING">FR</value>
</X509_NAME_ENTRY>
</RelativeDistinguishedName>
<RelativeDistinguishedName type="ASN1_SET">
<X509_NAME_ENTRY>
<object
type="ASN1_OBJECT">(organizationName)2.5.4.10</object>
<value type="UTF8STRING">EdelWeb</value>
</X509_NAME_ENTRY>
</RelativeDistinguishedName>
<RelativeDistinguishedName type="ASN1_SET">
<X509_NAME_ENTRY>
<object type="ASN1_OBJECT">(commonName)2.5.4.3</object>
<value type="UTF8STRING">Peter SYLVESTER</value>
</X509_NAME_ENTRY>
</RelativeDistinguishedName>
</directoryName>
</GENERAL_NAME>
</GeneralNames>
</value>
</Extension>
<Extension type="X509_EXTENSION">
<object type="ASN1_OBJECT">(X509v3 Key Usage)2.5.29.15</object>
<critical type="BOOLEAN">TRUE</critical>
<value>
<ASN1_BIT_STRING>e0</ASN1_BIT_STRING>
</value>
</Extension>
<Extension type="X509_EXTENSION">
<object type="ASN1_OBJECT">(X509v3 Extended Key Usage)2.5.29.37</object>
<value>
<EXTENDED_KEY_USAGE>
<ASN1_OBJECT>(E-mail Protection)1.3.6.1.5.5.7.3.4</ASN1_OBJECT>
<ASN1_OBJECT>(TLS Web Client
Authentication)1.3.6.1.5.5.7.3.2</ASN1_OBJECT>
</EXTENDED_KEY_USAGE>
</value>
</Extension>
<Extension type="X509_EXTENSION">
<object type="ASN1_OBJECT">(X509v3 CRL Distribution
Points)2.5.29.31</object>
<value>
<CRLDistributionPoints>
<DIST_POINT>
<distpoint type="DIST_POINT_NAME">
<name.fullname>
<GENERAL_NAME type="GENERAL_NAME">
<uniformResourceIdentifier
type="ASN1_IA5STRING">http://edelpki.edelweb.fr/crl/EdelPKI-EdelWeb-PersGEN.crl</uniformResourceIdentifier>
</GENERAL_NAME>
</name.fullname>
</distpoint>
</DIST_POINT>
</CRLDistributionPoints>
</value>
</Extension>
<Extension type="X509_EXTENSION">
<object type="ASN1_OBJECT">(X509v3 Subject Key
Identifier)2.5.29.14</object>
<value>
<ASN1_OCTET_STRING>17:fc:82:30:bf:89:dc:fb:5d:eb:c8:97:1f:1c:98:a5:c8:6b:34:64</ASN1_OCTET_STRING>
</value>
</Extension>
<Extension type="X509_EXTENSION">
<object type="ASN1_OBJECT">(X509v3 Authority Key
Identifier)2.5.29.35</object>
<value>
<AUTHORITY_KEYID>
<keyid
type="ASN1_OCTET_STRING">9e:e5:0f:c1:14:95:49:1c:dd:5a:5d:5e:9c:ae:cd:01:6f:2f:94:79</keyid>
</AUTHORITY_KEYID>
</value>
</Extension>
</extensions>
</cert_info>
<sig_alg type="X509_ALGOR">
<algorithm
type="ASN1_OBJECT">(sha1WithRSAEncryption)1.2.840.113549.1.1.5</algorithm>
<parameter type="NULL" />
</sig_alg>
<signature
type="ASN1_BIT_STRING">0f:64:35:ff:b5:8a:72:14:62:6d:1c:ac:86:8a:4a:e2:d4:0b:de:1c:2a:4d:03:0c:7c:46:8f:36:1e:73:da:81:0a:d1:16:28:c8:17:55:c6:0e:95:bd:55:f3:b5:10:e3:6d:ba:7f:d6:76:1d:d5:34:91:f7:f5:7a:c8:e4:28:23:f2:58:03:e0:71:12:bd:48:79:33:6e:74:5f:0d:6e:1a:57:8a:f4:7b:c9:77:3d:9f:0e:88:61:2e:a6:3d:24:84:6a:c1:ad:4f:6a:8c:08:3b:bc:0b:41:f6:66:0b:eb:d7:0d:ec:28:f0:5a:3b:57:c2:d2:ab:46:97:57:8f:a3:2e:d9:9d:2d:48:19:02:48:dd:57:f4:d0:9b:c3:0b:ca:4e:91:dd:0a:ba:0b:c4:88:77:35:9d:eb:b4:fe:23:65:f7:1a:65:86:bb:3f:97:ff:e8:95:87:2d:d5:71:c6:14:44:35:2f:25:01:8b:50:73:b5:e1:cd:71:7d:7c:ae:95:48:16:c5:40:d9:a9:e8:42:d7:95:1b:4d:4e:b2:ee:1c:8e:62:20:a9:92:93:05:ec:b3:8d:de:ce:c0:ed:49:64:b4:2c:0e:70:7d:a6:52:f0:20:60:d9:5e:16:3d:1a:30:46:e5:f2:84:2c:5f:1c:11:d7:8b:a4:ca:b8:65:89:b5:e9:60:1c:b5:dc:cf:5a:31:92:d7:27:e5:21:6b:d9:26:24:97:9a:9f:0e:ff:7c:3e:ef:8c:55:c2:a7:1b:44:24:39:70:7a:df:12:d6:a8:f6:b5:ac:61:f7:0e:9f:ef:c9:4e:38:a9:08:a2:3b:2b:ed:b2:45:34:b1:b1:1e:89!
:cb:e1:23:52:d9:47:df:77:cf:30:d7:1e:ff:96:c4:c9:52:6b:7d:ce:6c:cc:bb:d2:10:12:0a:26:c9:0c:d9:38:0b:ef:f9:91:f6:84:6c:64:cd:bd:c5:83:af:ac:8a:e4:b5:9f:45:6a:d3:17:59:68:7a:3b:aa:b8:a2</signature>
<?X509
-----BEGIN CERTIFICATE-----
MIIEdjCCAuOgAwIBAgIGCfqIsNpjMA0GCSqGSIb3DQEBBQUAMFsxCzAJBgNVBAYT
AkZSMRAwDgYDVQQKEwdFZGVsV2ViMRgwFgYDVQQLEw9TZXJ2aWNlIEVkZWxQS0kx
IDAeBgNVBAMTF0VkZWxQS0kgRWRlbFdlYiBQZXJzR0VOMB4XDTA0MTAwNzE1NDY0
NFoXDTA2MTIxNjE1NDY0NFowcDELMAkGA1UEBhMCRlIxEDAOBgNVBAoMB0VkZWxX
ZWIxGDAWBgNVBAsMD1NlcnZpY2UgRWRlbFBLSTE1MDMGA1UEAwwsUGV0ZXIgU1lM
VkVTVEVSIDxQZXRlci5TeWx2ZXN0ZXJAZWRlbHdlYi5mcj4wga4wDQYJKoZIhvcN
AQEBBQADgZwAMIGYAoGQBoVq5PYuEXOxXU3hbm6vuiHBRpvE+iYC4bFTptwY1rm2
wuwKUK7KwK3yD90k6vqdYQGdDrUBnySxwWTj1Tok/fKEZsTXrjp1V/ySyzAUhwZT
Gu7/eKZi/CcDCaRmbZ2Rvqy8I0T2ITo2m58/QYYQmwZ2tZPBMY4y6w8erh0FCwDt
KunXkjFzN+jNdl2MrFlPAgMBAAGjggEjMIIBHzBiBgNVHREEWzBZgRpQZXRlci5T
eWx2ZXN0ZXJAZWRlbHdlYi5mcqQ7MDkxCzAJBgNVBAYTAkZSMRAwDgYDVQQKDAdF
ZGVsV2ViMRgwFgYDVQQDDA9QZXRlciBTWUxWRVNURVIwDgYDVR0PAQH/BAQDAgXg
MB0GA1UdJQQWMBQGCCsGAQUFBwMEBggrBgEFBQcDAjBKBgNVHR8EQzBBMD+gPaA7
hjlodHRwOi8vZWRlbHBraS5lZGVsd2ViLmZyL2NybC9FZGVsUEtJLUVkZWxXZWIt
UGVyc0dFTi5jcmwwHQYDVR0OBBYEFBf8gjC/idz7XevIlx8cmKXIazRkMB8GA1Ud
IwQYMBaAFJ7lD8EUlUkc3VpdXpyuzQFvL5R5MA0GCSqGSIb3DQEBBQUAA4IBfAAP
ZDX/tYpyFGJtHKyGikri1AveHCpNAwx8Ro82HnPagQrRFijIF1XGDpW9VfO1EONt
un/Wdh3VNJH39XrI5Cgj8lgD4HESvUh5M250Xw1uGleK9HvJdz2fDohhLqY9JIRq
wa1PaowIO7wLQfZmC+vXDewo8Fo7V8LSq0aXV4+jLtmdLUgZAkjdV/TQm8MLyk6R
3Qq6C8SIdzWd67T+I2X3GmWGuz+X/+iVhy3VccYURDUvJQGLUHO14c1xfXyulUgW
xUDZqehC15UbTU6y7hyOYiCpkpMF7LON3s7A7UlktCwOcH2mUvAgYNleFj0aMEbl
8oQsXxwR14ukyrhlibXpYBy13M9aMZLXJ+Uha9kmJJeanw7/fD7vjFXCpxtEJDlw
et8S1qj2taxh9w6f78lOOKkIojsr7bJFNLGxHonL4SNS2Uffd88w1x7/lsTJUmt9
zmzMu9IQEgomyQzZOAvv+ZH2hGxkzb3Fg6+siuS1n0Vq0xdZaHo7qrii
-----END CERTIFICATE-----
?>
</X509>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
