I'm writing code to modify the subject key identifier for a cert. I've noticed that when the new SKI is written out, it doesn't have the ASN1 tag for the OCTET_STRING prepended to the data (0x0414 for the SKI). I've written the following code to work around that, but it seems overly complicated. I'm new to the API and I'm wondering if there is a better way to do this.

#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>

EVP_PKEY *key = NULL;
X509_PUBKEY *pubkey = NULL;
X509 *cert = NULL;
X509_EXTENSION *ex = NULL;
unsigned char md_value[EVP_MAX_MD_SIZE];
unsigned int md_val_len = 0;

// .. load key and cert ...

X509_set_pubkey( cert, key );
int loc = X509_get_ext_by_NID( cert, NID_subject_key_identifier, -1 );
X509_PUBKEY_set( &pubkey, key );

// calculate new SKI (SHA-1 over the public key bit string)
EVP_Digest( pubkey->public_key->data, pubkey->public_key->length, md_value, &md_val_len, EVP_sha1(), NULL );

// This seems overly complicated to get the ASN1 data...
ASN1_OCTET_STRING *os = ASN1_OCTET_STRING_new();
ASN1_OCTET_STRING_set( os, md_value, md_val_len );
unsigned char *d = NULL;
// DER-encode the digest so it carries the OCTET STRING tag and length
int dlen = i2d_ASN1_OCTET_STRING( os, &d );
ASN1_OCTET_STRING *os2 = ASN1_OCTET_STRING_new();
ASN1_OCTET_STRING_set( os2, d, dlen );

// Create new extension entry for SKI
X509_EXTENSION_create_by_NID( &ex, NID_subject_key_identifier, 0, os2 );

// Replace old SKI entry
X509_delete_ext( cert, loc );
X509_add_ext( cert, ex, loc );

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
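
The double wrapping the post describes, as an added example that is not part of the original message and does not use OpenSSL: the extension value must itself be the DER encoding of an OCTET STRING, so a 20-byte digest becomes 22 bytes starting 0x04 0x14. The function names and the sample digest are constructed for illustration, and only short-form lengths (under 128 bytes) are handled.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample standing in for the 20-byte SHA-1 digest of a key. */
static const unsigned char SAMPLE_DIGEST[20] = {
    0xA1, 0xB2, 0xC3, 0xD4, 0xE5, 0xF6, 0x07, 0x18, 0x29, 0x3A,
    0x4B, 0x5C, 0x6D, 0x7E, 0x8F, 0x90, 0x01, 0x12, 0x23, 0x34
};

/* DER-encode len (< 128) content bytes as an OCTET STRING into out.
 * Returns the encoded length, or 0 if it does not fit. */
size_t der_octet_string(const unsigned char *in, size_t len,
                        unsigned char *out, size_t cap)
{
    if (len >= 0x80 || cap < len + 2)
        return 0;
    out[0] = 0x04;                 /* tag: OCTET STRING */
    out[1] = (unsigned char)len;   /* short-form length, 0x14 for SHA-1 */
    memcpy(out + 2, in, len);
    return len + 2;
}

/* Return 1 if v is exactly one short-form OCTET STRING, the shape a
 * SubjectKeyIdentifier extension value must have; 0 otherwise. */
int ski_value_is_wellformed(const unsigned char *v, size_t len)
{
    if (len < 2 || v[0] != 0x04 || v[1] >= 0x80)
        return 0;
    return (size_t)v[1] + 2 == len;
}

/* Wrap the sample digest; return the encoded length if the result
 * validates and the unwrapped digest is rejected, otherwise -1. */
int sample_roundtrip(void)
{
    unsigned char ext[32];
    size_t n = der_octet_string(SAMPLE_DIGEST, sizeof SAMPLE_DIGEST,
                                ext, sizeof ext);
    if (n == 0 || !ski_value_is_wellformed(ext, n))
        return -1;
    if (ski_value_is_wellformed(SAMPLE_DIGEST, sizeof SAMPLE_DIGEST))
        return -1;
    return (int)n;
}

int main(void)
{
    printf("encoded SKI value length: %d\n", sample_roundtrip());
    return 0;
}
```

With OpenSSL itself, X509_add1_ext_i2d( cert, NID_subject_key_identifier, os, 0, X509V3_ADD_REPLACE ) takes the unencoded ASN1_OCTET_STRING and performs this inner encoding when it builds the extension.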