如何以C语言编程方式创建证书签名请求 (CSR)?(openssl 0.9.8)
1、openssl ecparam -genkey -name prime192v4 -out $outfile.pem
2、openssl req -ecdsa-with-SHA256 -new -key $outfile.pem -subj "/DC=$dc/C=$c/O=$o/OU=$ou/CN=$subj@$cert" -out $outfile.csr
如何用c与语言实现第2条命令($outfile.pem已存在)?
这种需要从OpenSSL源码扣出来你想要的代码就行了。工作量不少
对它了解不多,提供参考实例,期望对你编写程序有所帮助:https://qa.1r1g.com/sf/ask/2726470351/
【下面截图是以实例的形式讲解了如何实现以C语言编程方式创建证书签名请求 (CSR)的过程,讲解详细,注解清晰】
该函数具有三个参数:
1:指向证书请求(在第一步中生成)
2:到ca的路径(上面的命令片段中的-CA rootCA.crt)
3:ca密钥(-CAkey rootCA.key)的路径
可以通过以下方式使用功能:
int save_cert_req(X509_REQ *p_cert_req, const char *path) {
FILE *p_file = NULL;
if (NULL == (p_file = fopen(path, "w"))) {
printf("failed to open file for saving csr\n");
return -1;
}
PEM_write_X509_REQ(p_file, p_cert_req);
fclose(p_file);
return 0;
}
int save_cert(X509 *p_generated_cert, const char *path) {
FILE *p_file = NULL;
if (NULL == (p_file = fopen(path, "w"))) {
printf("failed to open file for saving csr\n");
return -1;
}
PEM_write_X509(p_file, p_generated_cert);
fclose(p_file);
return 0;
}
int main() {
int ret = 0;
X509_REQ *p_cert_req = NULL;
X509 *p_generated_cert = NULL;
p_cert_req = generate_cert_req(CERT_REQUEST_KEY_PATH);
if (NULL == p_cert_req) {
printf("failed to generate cert req\n");
ret = -1;
goto CLEANUP;
}
if (save_cert_req(p_cert_req, GENERATED_CERT_REQUEST_SAVE_PATH)) {
printf("failed to save generated cert request\n");
ret = -1;
goto CLEANUP;
}
p_generated_cert = generate_cert(p_cert_req, CERT_CA_PATH, CERT_CA_KEY_PATH);
if (NULL == p_generated_cert) {
printf("failed to generate cert\n");
ret = -1;
goto CLEANUP;
}
if (save_cert(p_generated_cert, GENERATED_CERT_SAVE_PATH)) {
printf("failed to save generated cert\n");
ret = -1;
goto CLEANUP;
}
printf("the certificates have been generated.");
CLEANUP:
X509_REQ_free(p_cert_req);
X509_free(p_generated_cert);
return ret;
}