How to change the version field of an existing certificate signing request (CSR) in C++
I am working on a project where I receive a .csr file in PEM format. I need to change the version field and save the modified CSR as a new .csr file in PEM format. I wrote the following C++ code:
    #include <cstdio>
    #include <openssl/pem.h>
    #include <openssl/x509.h>

    // Direct access to req_info compiles only against OpenSSL < 1.1.0
    // (the X509_REQ structures are opaque in later versions).
    bool changeCSR_Version()
    {
        bool ret = false;
        X509_REQ *req_rd = NULL;
        X509_REQ *tmp_req = NULL;
        // read the template CSR file (PEM-encoded)
        FILE *pOld_SCR = fopen("C:\\temp\\old.csr", "rb");
        if (pOld_SCR != NULL)
        {
            req_rd = PEM_read_X509_REQ(pOld_SCR, NULL, NULL, NULL);
            fclose(pOld_SCR);
            if (req_rd != NULL)
                tmp_req = X509_REQ_dup(req_rd);
            if (tmp_req != NULL)
            {
                // show content of the old csr
                X509_REQ_print_fp(stdout, tmp_req);
                // change version by writing the ASN1_INTEGER fields directly
                X509_REQ_INFO *ri;
                ri = tmp_req->req_info;
                ri->version->length = 1;
                ri->version->data = (unsigned char *)OPENSSL_malloc(1);
                if (ri->version->data == NULL) goto free_all;
                ri->version->data[0] = 2; /* version == 2 */
                // show content of the new csr
                X509_REQ_print_fp(stdout, tmp_req);
                // save the new csr in a new file
                FILE *pNew_SCR = fopen("C:\\temp\\new.csr", "wb");
                if (pNew_SCR != NULL)
                {
                    // report success only if the PEM file was written
                    ret = (PEM_write_X509_REQ(pNew_SCR, tmp_req) == 1);
                    fclose(pNew_SCR);
                }
            }
        }
    free_all:
        // free both the parsed request and its modified copy
        X509_REQ_free(tmp_req);
        X509_REQ_free(req_rd);
        return ret;
    }
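Looking at the console output, this seems to work fine! See the first screenshot!
However, the newly created file new.csr always contains version = 0!!??
See the second screenshot!
Any idea how to fix the error?
I would like to understand why the console output differs from the newly created CSR file!? Where is the error in the code?
Thx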
Console output:
Certificate Request:
Data:
Version: 0 (0x0)
Subject:
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:56:87:a4:be:cb:11:5d:ae:d4:cd:d7:a8:b6:ba:
4e:ea:0a:c9:52:bf:6c:99:f2:8e:d9:6f:5c:6e:2f:
72:64:53:8b:0d:93:65:d5:2e:a0:9f:7c:b1:3a:2e:
a5:a6:b0:ef:b5:84:7d:1f:96:0c:7c:d6:0f:2f:6d:
e1:b4:21:46:21:7f:b5:52:e0:58:04:9e:65:2e:42:
e4:80:f3:b6:2f:50:95:de:aa:b3:6a:8f:53:bf:bf:
5e:49:d2:37:72:d1:de:a5:7e:39:35:91:8d:b4:81:
31:7e:50:35:e5:7b:61:bb:da:b3:48:5c:58:50:f0:
02:62:fc:cd:19:e8:83:52:b7
Exponent: 65537 (0x10001)
Attributes:
Requested Extensions:
X509v3 Key Usage:
Digital Signature, Key Agreement, Certificate Sig
Signature Algorithm: sha1WithRSAEncryption
11:23:f1:86:76:c0:d1:8c:0c:a9:6d:f3:c1:f1:5f:d9:f0:e3:
51:14:26:95:ae:11:3b:66:86:39:f3:f3:b0:c4:2c:75:3d:e5:
58:2e:20:8f:32:b7:42:27:0a:91:4e:df:3b:33:03:e7:bb:05:
c5:8c:74:c5:51:00:8e:de:7f:5b:2f:0a:2f:1e:a5:85:92:e7:
1d:fe:2f:50:2a:6c:5a:6d:8b:70:07:3c:31:6e:6a:73:02:5c:
d2:80:d4:70:e6:af:ad:a9:bb:25:44:e2:e6:45:3b:98:ce:2c:
aa:35:15:a5:a1:5b:30:68:fd:48:df:e6:a7:b2:d2:d1:70:68:
6c:20
Certificate Request:
Data:
Version: 2 (0x2)
Subject:
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:56:87:a4:be:cb:11:5d:ae:d4:cd:d7:a8:b6:ba:
4e:ea:0a:c9:52:bf:6c:99:f2:8e:d9:6f:5c:6e:2f:
72:64:53:8b:0d:93:65:d5:2e:a0:9f:7c:b1:3a:2e:
a5:a6:b0:ef:b5:84:7d:1f:96:0c:7c:d6:0f:2f:6d:
e1:b4:21:46:21:7f:b5:52:e0:58:04:9e:65:2e:42:
e4:80:f3:b6:2f:50:95:de:aa:b3:6a:8f:53:bf:bf:
5e:49:d2:37:72:d1:de:a5:7e:39:35:91:8d:b4:81:
31:7e:50:35:e5:7b:61:bb:da:b3:48:5c:58:50:f0:
02:62:fc:cd:19:e8:83:52:b7
Exponent: 65537 (0x10001)
Attributes:
Requested Extensions:
X509v3 Key Usage:
Digital Signature, Key Agreement, Certificate Sig
Signature Algorithm: sha1WithRSAEncryption
11:23:f1:86:76:c0:d1:8c:0c:a9:6d:f3:c1:f1:5f:d9:f0:e3:
51:14:26:95:ae:11:3b:66:86:39:f3:f3:b0:c4:2c:75:3d:e5:
58:2e:20:8f:32:b7:42:27:0a:91:4e:df:3b:33:03:e7:bb:05:
c5:8c:74:c5:51:00:8e:de:7f:5b:2f:0a:2f:1e:a5:85:92:e7:
1d:fe:2f:50:2a:6c:5a:6d:8b:70:07:3c:31:6e:6a:73:02:5c:
d2:80:d4:70:e6:af:ad:a9:bb:25:44:e2:e6:45:3b:98:ce:2c:
aa:35:15:a5:a1:5b:30:68:fd:48:df:e6:a7:b2:d2:d1:70:68:
6c:20
And reading the new .csr file with the openssl command:
c:\temp>
c:\temp>openssl req -in old.csr -noout -text
Certificate Request:
Data:
**Version: 0 (0x0)**
Subject:
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:56:87:a4:be:cb:11:5d:ae:d4:cd:d7:a8:b6:b
4e:ea:0a:c9:52:bf:6c:99:f2:8e:d9:6f:5c:6e:2
72:64:53:8b:0d:93:65:d5:2e:a0:9f:7c:b1:3a:2
a5:a6:b0:ef:b5:84:7d:1f:96:0c:7c:d6:0f:2f:6
e1:b4:21:46:21:7f:b5:52:e0:58:04:9e:65:2e:4
e4:80:f3:b6:2f:50:95:de:aa:b3:6a:8f:53:bf:b
5e:49:d2:37:72:d1:de:a5:7e:39:35:91:8d:b4:8
31:7e:50:35:e5:7b:61:bb:da:b3:48:5c:58:50:f
02:62:fc:cd:19:e8:83:52:b7
Exponent: 65537 (0x10001)
Attributes:
Requested Extensions:
X509v3 Key Usage:
Digital Signature, Key Agreement, Certificate S
Signature Algorithm: sha1WithRSAEncryption
11:23:f1:86:76:c0:d1:8c:0c:a9:6d:f3:c1:f1:5f:d9:f0:e3:
51:14:26:95:ae:11:3b:66:86:39:f3:f3:b0:c4:2c:75:3d:e5:
58:2e:20:8f:32:b7:42:27:0a:91:4e:df:3b:33:03:e7:bb:05:
c5:8c:74:c5:51:00:8e:de:7f:5b:2f:0a:2f:1e:a5:85:92:e7:
1d:fe:2f:50:2a:6c:5a:6d:8b:70:07:3c:31:6e:6a:73:02:5c:
d2:80:d4:70:e6:af:ad:a9:bb:25:44:e2:e6:45:3b:98:ce:2c:
aa:35:15:a5:a1:5b:30:68:fd:48:df:e6:a7:b2:d2:d1:70:68:
6c:20
c:\temp>openssl req -in new.csr -noout -text
Certificate Request:
Data:
Version: 0 (0x0)
Subject:
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:56:87:a4:be:cb:11:5d:ae:d4:cd:d7:a8:b6:b
4e:ea:0a:c9:52:bf:6c:99:f2:8e:d9:6f:5c:6e:2
72:64:53:8b:0d:93:65:d5:2e:a0:9f:7c:b1:3a:2
a5:a6:b0:ef:b5:84:7d:1f:96:0c:7c:d6:0f:2f:6
e1:b4:21:46:21:7f:b5:52:e0:58:04:9e:65:2e:4
e4:80:f3:b6:2f:50:95:de:aa:b3:6a:8f:53:bf:b
5e:49:d2:37:72:d1:de:a5:7e:39:35:91:8d:b4:8
31:7e:50:35:e5:7b:61:bb:da:b3:48:5c:58:50:f
02:62:fc:cd:19:e8:83:52:b7
Exponent: 65537 (0x10001)
Attributes:
Requested Extensions:
X509v3 Key Usage:
Digital Signature, Key Agreement, Certificate S
Signature Algorithm: sha1WithRSAEncryption
11:23:f1:86:76:c0:d1:8c:0c:a9:6d:f3:c1:f1:5f:d9:f0:e3:
51:14:26:95:ae:11:3b:66:86:39:f3:f3:b0:c4:2c:75:3d:e5:
58:2e:20:8f:32:b7:42:27:0a:91:4e:df:3b:33:03:e7:bb:05:
c5:8c:74:c5:51:00:8e:de:7f:5b:2f:0a:2f:1e:a5:85:92:e7:
1d:fe:2f:50:2a:6c:5a:6d:8b:70:07:3c:31:6e:6a:73:02:5c:
d2:80:d4:70:e6:af:ad:a9:bb:25:44:e2:e6:45:3b:98:ce:2c:
aa:35:15:a5:a1:5b:30:68:fd:48:df:e6:a7:b2:d2:d1:70:68:
6c:20
c:\temp>
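I see that you modify the version in the variable ri, which is of type X509_REQ_INFO*:
    ri->version->data[0] = 2;
However, the structure you use to write the modified data to new.csr is not ri, but the variable tmp_req of type X509_REQ*:
    PEM_write_X509_REQ(pNew_SCR, tmp_req);

That's fine! Because ri is the req_info of tmp_req: ri = tmp_req->req_info.

This requirement is a bit problematic. Unless you have the private key, I don't see how you can do this without invalidating the signature, and in that case it is simpler to just generate a new CSR with the correct version.

The private key is available for the new CSR. I would like to understand why the console output differs from the new CSR file!? Where is the error in the code?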
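
Added example (not part of the original thread and not OpenSSL code): a small DER walk in plain C showing that the version INTEGER is the first field of the CertificationRequestInfo, the span a CSR's signature covers, which is the reason the comment above gives for the signature being invalidated. `SAMPLE_CSR` is a constructed skeleton with placeholder fields, and `der_header`, `csr_locate` and `struct csr_layout` are hypothetical helper names.

```c
#include <stdint.h>
#include <stdio.h>
/* Constructed skeleton CSR in DER (placeholder fields, not a real request). */
static const uint8_t SAMPLE_CSR[] = {
    0x30, 0x12,                         /* CertificationRequest */
    0x30, 0x09, 0x02, 0x01, 0x00,       /*   CertificationRequestInfo { version INTEGER 0, */
    0x30, 0x00, 0x30, 0x00, 0xA0, 0x00, /*     empty subject, SPKI, attributes } */
    0x30, 0x00,                         /*   signatureAlgorithm placeholder */
    0x03, 0x03, 0x00, 0xAA, 0xBB        /*   signature BIT STRING placeholder */
};
struct csr_layout { size_t tbs_off, tbs_len, ver_off, ver_len; };

/* Read tag and length of the DER element at buf[pos]; returns 0 on success. */
static int der_header(const uint8_t *buf, size_t len, size_t pos,
                      uint8_t *tag, size_t *hdr, size_t *vlen)
{
    if (pos > len || len - pos < 2) return -1;
    size_t n = buf[pos + 1];
    *tag = buf[pos]; *hdr = 2;
    if (n & 0x80) {                     /* long-form length */
        size_t cnt = n & 0x7F;
        if (cnt == 0 || cnt > sizeof(size_t) || len - pos - 2 < cnt) return -1;
        for (n = 0; *hdr < 2 + cnt; (*hdr)++) n = (n << 8) | buf[pos + *hdr];
    }
    if (n > len - pos - *hdr) return -1; /* value must fit in the buffer */
    *vlen = n;
    return 0;
}

/* Locate the signed CertificationRequestInfo and the version INTEGER inside it. */
int csr_locate(const uint8_t *der, size_t len, struct csr_layout *out)
{
    uint8_t tag; size_t hdr, vlen;
    if (der_header(der, len, 0, &tag, &hdr, &vlen) || tag != 0x30) return -1;
    out->tbs_off = hdr;                 /* first element of the outer SEQUENCE */
    if (der_header(der, len, out->tbs_off, &tag, &hdr, &vlen) || tag != 0x30) return -1;
    out->tbs_len = hdr + vlen;
    size_t end = out->tbs_off + out->tbs_len, ver = out->tbs_off + hdr;
    /* parse the version with the signed span as its limit */
    if (der_header(der, end, ver, &tag, &hdr, &vlen) || tag != 0x02 || vlen == 0) return -1;
    out->ver_off = ver + hdr; out->ver_len = vlen;
    return 0;
}
int main(void)
{
    struct csr_layout l;
    if (csr_locate(SAMPLE_CSR, sizeof SAMPLE_CSR, &l)) return 1;
    printf("signed span [%zu,%zu), version byte at %zu\n", l.tbs_off, l.tbs_off + l.tbs_len, l.ver_off);
    return 0;
}
```

Because the version byte sits inside the signed span, a request whose version is really rewritten has to be re-signed with the matching private key before it will verify.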