On Sat, Mar 01, 2014, Dr. Stephen Henson wrote: > On Sat, Mar 01, 2014, Jeffrey Walton wrote: > > > I'm building a ca cert following .../demos/mkcert.c. The program is failing > > at: > > > > X509_EXTENSION* ex4 = > > X509V3_EXT_conf_nid(NULL, NULL, NID_subject_key_identifier, "hash"); > > err = ERR_get_error(); > > ... > > > > $ openssl errstr 0x22073072 > > error:22073072:X509 V3 routines:S2I_SKEY_ID:no public key > > > > The public key was set earlier with the private key as in mkcert.c. > > > > I also tried with X509V3_EXT_nconf_nid, but got the same error. > > > > Library startup code calls the following: > > > > * OPENSSL_no_config(); > > * FIPS_mode_set(1); > > * SSL_library_init(); > > > > Googling turned up no hits; Viega's book does not discuss it, and > > Rescorla's book does not discuss it. > > > > Any ideas what is causing the 0x22073072 error? > > > > The extension code needs access to the public key in order to create the SKID. > > This is done using the X509V3_CTX parameter to X509V3_EXT_conf_nid which > you've set to NULL. > > See the add_ext function in mkcert.c for details of how to set it up. >
Oops, didn't notice this had already been answered. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
