如何在 c++ 中更改现有证书签名请求 (CSR) 的版本字段
How to change in c++ the Version field of an existing certificate signing request (CSR)
我在一个项目中工作,其中我收到一个 PEM 格式的.csr文件,我需要更改版本字段并将更改的 csr 保存到 PEM 格式的新.csr文件中。我用 c++ 编写以下代码:
bool changeCSR_Version()
{
bool ret = false;
X509_REQ *req_rd = NULL;
X509_REQ *tmp_req = NULL;
// read the template SCR-file as PEM-encoded
FILE *pOld_SCR = fopen("C:\temp\old.csr", "rb");
if (pOld_SCR != NULL)
{
req_rd = PEM_read_X509_REQ(pOld_SCR, NULL, NULL, NULL);
fclose(pOld_SCR);
tmp_req = X509_REQ_dup(req_rd);
if (tmp_req != NULL)
{
//show content of the old csr
X509_REQ_print_fp(stdout, tmp_req);
//change version
X509_REQ_INFO *ri;
ri = tmp_req->req_info;
ri->version->length = 1;
ri->version->data = (unsigned char *)OPENSSL_malloc(1);
if (ri->version->data == NULL) goto free_all;
ri->version->data[0] = 2; /* version == 0 */
//show content of the new csr
X509_REQ_print_fp(stdout, tmp_req);
//save the new csr in a new file
FILE *pNew_SCR = fopen("C:\temp\new.csr", "wb");
if (pNew_SCR != NULL)
{
PEM_write_X509_REQ(pNew_SCR, tmp_req);
fclose(pNew_SCR);
}
}
//fclose(pOld_SCR);
}
free_all:
// free all the stuff ....
X509_REQ_free(tmp_req);
return ret;
}
在考虑控制台输出时似乎工作正常!看第一个截图!但是,新创建的文件 new.csr 始终包含版本 = 0!??见第二张截图!知道如何修复错误吗?!
主要我想了解为什么控制台输出与新创建的 csr 文件不同!?代码中的错误在哪里?感谢
控制台输出:
Certificate Request:
Data:
Version: 0 (0x0)
Subject:
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:56:87:a4:be:cb:11:5d:ae:d4:cd:d7:a8:b6:ba:
4e:ea:0a:c9:52:bf:6c:99:f2:8e:d9:6f:5c:6e:2f:
72:64:53:8b:0d:93:65:d5:2e:a0:9f:7c:b1:3a:2e:
a5:a6:b0:ef:b5:84:7d:1f:96:0c:7c:d6:0f:2f:6d:
e1:b4:21:46:21:7f:b5:52:e0:58:04:9e:65:2e:42:
e4:80:f3:b6:2f:50:95:de:aa:b3:6a:8f:53:bf:bf:
5e:49:d2:37:72:d1:de:a5:7e:39:35:91:8d:b4:81:
31:7e:50:35:e5:7b:61:bb:da:b3:48:5c:58:50:f0:
02:62:fc:cd:19:e8:83:52:b7
Exponent: 65537 (0x10001)
Attributes:
Requested Extensions:
X509v3 Key Usage:
Digital Signature, Key Agreement, Certificate Sig
Signature Algorithm: sha1WithRSAEncryption
11:23:f1:86:76:c0:d1:8c:0c:a9:6d:f3:c1:f1:5f:d9:f0:e3:
51:14:26:95:ae:11:3b:66:86:39:f3:f3:b0:c4:2c:75:3d:e5:
58:2e:20:8f:32:b7:42:27:0a:91:4e:df:3b:33:03:e7:bb:05:
c5:8c:74:c5:51:00:8e:de:7f:5b:2f:0a:2f:1e:a5:85:92:e7:
1d:fe:2f:50:2a:6c:5a:6d:8b:70:07:3c:31:6e:6a:73:02:5c:
d2:80:d4:70:e6:af:ad:a9:bb:25:44:e2:e6:45:3b:98:ce:2c:
aa:35:15:a5:a1:5b:30:68:fd:48:df:e6:a7:b2:d2:d1:70:68:
6c:20
Certificate Request:
Data:
Version: 2 (0x2)
Subject:
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:56:87:a4:be:cb:11:5d:ae:d4:cd:d7:a8:b6:ba:
4e:ea:0a:c9:52:bf:6c:99:f2:8e:d9:6f:5c:6e:2f:
72:64:53:8b:0d:93:65:d5:2e:a0:9f:7c:b1:3a:2e:
a5:a6:b0:ef:b5:84:7d:1f:96:0c:7c:d6:0f:2f:6d:
e1:b4:21:46:21:7f:b5:52:e0:58:04:9e:65:2e:42:
e4:80:f3:b6:2f:50:95:de:aa:b3:6a:8f:53:bf:bf:
5e:49:d2:37:72:d1:de:a5:7e:39:35:91:8d:b4:81:
31:7e:50:35:e5:7b:61:bb:da:b3:48:5c:58:50:f0:
02:62:fc:cd:19:e8:83:52:b7
Exponent: 65537 (0x10001)
Attributes:
Requested Extensions:
X509v3 Key Usage:
Digital Signature, Key Agreement, Certificate Sig
Signature Algorithm: sha1WithRSAEncryption
11:23:f1:86:76:c0:d1:8c:0c:a9:6d:f3:c1:f1:5f:d9:f0:e3:
51:14:26:95:ae:11:3b:66:86:39:f3:f3:b0:c4:2c:75:3d:e5:
58:2e:20:8f:32:b7:42:27:0a:91:4e:df:3b:33:03:e7:bb:05:
c5:8c:74:c5:51:00:8e:de:7f:5b:2f:0a:2f:1e:a5:85:92:e7:
1d:fe:2f:50:2a:6c:5a:6d:8b:70:07:3c:31:6e:6a:73:02:5c:
d2:80:d4:70:e6:af:ad:a9:bb:25:44:e2:e6:45:3b:98:ce:2c:
aa:35:15:a5:a1:5b:30:68:fd:48:df:e6:a7:b2:d2:d1:70:68:
6c:20
并通过 openssl cmd 读取新的 new.csr 文件:
c:temp>
c:temp>openssl req -in old.csr -noout -text
Certificate Request:
Data:
**Version: 0 (0x0)**
Subject:
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:56:87:a4:be:cb:11:5d:ae:d4:cd:d7:a8:b6:b
4e:ea:0a:c9:52:bf:6c:99:f2:8e:d9:6f:5c:6e:2
72:64:53:8b:0d:93:65:d5:2e:a0:9f:7c:b1:3a:2
a5:a6:b0:ef:b5:84:7d:1f:96:0c:7c:d6:0f:2f:6
e1:b4:21:46:21:7f:b5:52:e0:58:04:9e:65:2e:4
e4:80:f3:b6:2f:50:95:de:aa:b3:6a:8f:53:bf:b
5e:49:d2:37:72:d1:de:a5:7e:39:35:91:8d:b4:8
31:7e:50:35:e5:7b:61:bb:da:b3:48:5c:58:50:f
02:62:fc:cd:19:e8:83:52:b7
Exponent: 65537 (0x10001)
Attributes:
Requested Extensions:
X509v3 Key Usage:
Digital Signature, Key Agreement, Certificate S
Signature Algorithm: sha1WithRSAEncryption
11:23:f1:86:76:c0:d1:8c:0c:a9:6d:f3:c1:f1:5f:d9:f0:e3:
51:14:26:95:ae:11:3b:66:86:39:f3:f3:b0:c4:2c:75:3d:e5:
58:2e:20:8f:32:b7:42:27:0a:91:4e:df:3b:33:03:e7:bb:05:
c5:8c:74:c5:51:00:8e:de:7f:5b:2f:0a:2f:1e:a5:85:92:e7:
1d:fe:2f:50:2a:6c:5a:6d:8b:70:07:3c:31:6e:6a:73:02:5c:
d2:80:d4:70:e6:af:ad:a9:bb:25:44:e2:e6:45:3b:98:ce:2c:
aa:35:15:a5:a1:5b:30:68:fd:48:df:e6:a7:b2:d2:d1:70:68:
6c:20
c:temp>openssl req -in new.csr -noout -text
Certificate Request:
Data:
Version: 0 (0x0)
Subject:
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:56:87:a4:be:cb:11:5d:ae:d4:cd:d7:a8:b6:b
4e:ea:0a:c9:52:bf:6c:99:f2:8e:d9:6f:5c:6e:2
72:64:53:8b:0d:93:65:d5:2e:a0:9f:7c:b1:3a:2
a5:a6:b0:ef:b5:84:7d:1f:96:0c:7c:d6:0f:2f:6
e1:b4:21:46:21:7f:b5:52:e0:58:04:9e:65:2e:4
e4:80:f3:b6:2f:50:95:de:aa:b3:6a:8f:53:bf:b
5e:49:d2:37:72:d1:de:a5:7e:39:35:91:8d:b4:8
31:7e:50:35:e5:7b:61:bb:da:b3:48:5c:58:50:f
02:62:fc:cd:19:e8:83:52:b7
Exponent: 65537 (0x10001)
Attributes:
Requested Extensions:
X509v3 Key Usage:
Digital Signature, Key Agreement, Certificate S
Signature Algorithm: sha1WithRSAEncryption
11:23:f1:86:76:c0:d1:8c:0c:a9:6d:f3:c1:f1:5f:d9:f0:e3:
51:14:26:95:ae:11:3b:66:86:39:f3:f3:b0:c4:2c:75:3d:e5:
58:2e:20:8f:32:b7:42:27:0a:91:4e:df:3b:33:03:e7:bb:05:
c5:8c:74:c5:51:00:8e:de:7f:5b:2f:0a:2f:1e:a5:85:92:e7:
1d:fe:2f:50:2a:6c:5a:6d:8b:70:07:3c:31:6e:6a:73:02:5c:
d2:80:d4:70:e6:af:ad:a9:bb:25:44:e2:e6:45:3b:98:ce:2c:
aa:35:15:a5:a1:5b:30:68:fd:48:df:e6:a7:b2:d2:d1:70:68:
6c:20
c:temp>
我看到您修改了类型为 X509_REQ_INFO* 的变量 ri 中的文件版本......
ri->version->data[0] = 2;
然而,您用于将修改后的数据写入 new .csr 的结构不是 ri,而是类型 X509_REQ* 的变量tmp_req......
PEM_write_X509_REQ(pNew_SCR, tmp_req);
相关文章:
- 有关插入适配器的错误。[错误]请求从 'back_insert_iterator<vector<>>' 类型转换为非标量类型
- 如何在boost beast http请求中设置http头
- 发送一个带有libcurl C++问题的帖子请求:s
- 在多个核心中处理一个HTTP请求
- Using C++ CryptAPI:CNG Create CSR
- 错误:请求非类类型为"MULTIMEDIA_FILME [500]"的成员|
- 使用 Winsock2.h C++向不和谐 API 发送 HTTP 请求时出现问题
- 每个服务器请求的内存预算
- std::getline没有在while循环中重新请求用户输入
- 请求最简单的 OpenMP 目标 GPU 示例
- 请求有关C++中嵌入 for 循环的帮助
- 错误:请求从"常量字符 [5]"转换为非标量类型"字符串"
- 使用 winsock 接收 http 请求
- QNetworkAccessManager 稍后在添加请求时删除
- 为什么我收到来自谷歌的错误请求?
- 从网链套接字请求连接设备的列表
- libcurl :C++处理多个异步请求
- 对于 http 请求,python 比 c++ 快吗?
- 通过引用传递向量是请求 std::分配器
- 如何在 c++ 中更改现有证书签名请求 (CSR) 的版本字段