Please don't top post. >> Look at apps/x509.c function x509_certify().
> you're kidding right? That has to be some of the most atrocious > and confusing code i have ever seen. I dont suppose anyone has > anything more practical as an example? > Perhaps some documentation on the process or such. I just took a look at that code, and it seems very straightforward and well documented. It very clearly: grabs the public key from the CA; initializes the X509 structure; creates a serial number for the certificate; verifies that the CA private key is correct; sets the issuer name, serial number, and validity times; sets the version and any extensions, and then signs the certificate. I honestly can't imagine what more you could want. DS ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
