Mar*_*hio 4 c openssl certificate
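My program uses OpenSSL and needs to create self-signed certificates on demand. The system it runs on has no access to the 'openssl' CLI command, so I cannot use it. Instead, I need to do this through the OpenSSL X509 API.
Note that I don't need to create a certificate FILE, only a certificate; what OpenSSL calls an "X509" structure.
I couldn't find any documentation on how to do this.
How can I do this?
Thanks.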
Here is some useful sample code:
#include <time.h>
#include <openssl/bn.h>
#include <openssl/evp.h>
#include <openssl/rsa.h>
#include <openssl/x509.h>

/* The statements below belong inside a function; ret, error, creationParams
   and CreateSerialNumber() are provided by the surrounding code. */
X509 *certificate = NULL;
EVP_PKEY *pkey = NULL;
ASN1_INTEGER *serialNumber = NULL;
int i = 0;
RSA *rsaKeyPair = NULL;
BIGNUM *e = NULL;
X509_NAME *name = NULL;
time_t currentTime;

certificate = X509_new();
/* the EVP_PKEY must be allocated before a key can be assigned to it */
pkey = EVP_PKEY_new();
rsaKeyPair = RSA_new();
e = BN_new();
BN_set_word(e, 65537);
/* 1024-bit RSA as in the original answer; 2048 bits or more is the usual minimum today */
if (!RSA_generate_key_ex(rsaKeyPair, 1024, e, NULL))
{
    ret = error;
}
/* the big number is no longer used */
BN_free(e);
e = NULL;
/* pkey takes ownership of rsaKeyPair */
EVP_PKEY_assign_RSA(pkey, rsaKeyPair);
/* no more use for rsaKeyPair */
rsaKeyPair = NULL;
/* version value 2 means X.509 v3 */
(void)X509_set_version(certificate, 2);
/* Allocate and create serial number
   (ASN1_INTEGER_new replaces the M_ASN1_INTEGER_new macro, removed in OpenSSL 1.1.0) */
serialNumber = ASN1_INTEGER_new();
/* implement serial number algorithm here */
CreateSerialNumber(serialNumber);
/* set the serial number (the certificate stores its own copy) */
(void)X509_set_serialNumber(certificate, serialNumber);
/* Serial number set to certificate, free it now */
ASN1_INTEGER_free(serialNumber);
serialNumber = NULL;
/* set the validity; the offsets are in seconds relative to the current time */
currentTime = time(0);
X509_gmtime_adj(X509_get_notBefore(certificate), 0);
X509_gmtime_adj(X509_get_notAfter(certificate), 1000);
/* set the public key from the privateKey structure into the certificate structure */
X509_set_pubkey(certificate, pkey);
/* get the subject name pointer */
name = X509_get_subject_name(certificate);
/* country */
X509_NAME_add_entry_by_txt(
    name, "C", MBSTRING_ASC, (unsigned char *)creationParams->Country, -1, -1, 0);
/* organization */
X509_NAME_add_entry_by_txt(name, "O", MBSTRING_ASC, (unsigned char *)"sample", -1, -1, 0);
/* common name */
X509_NAME_add_entry_by_txt(
    name, "CN", MBSTRING_ASC, (unsigned char *)creationParams->CommonName, -1, -1, 0);
/* it's self-signed: set issuer name = subject */
X509_set_issuer_name(certificate, name);
/* sign the certificate using SHA-1 (kept from the original answer; SHA-1 is no
   longer collision resistant, EVP_sha256() is the usual choice) */
X509_sign(certificate, pkey, EVP_sha1());