Adding signature items to X509 certificate structure


Kenneth Goldman
This use case is that I have an HSM that internally forms an X509
certificate and returns the signature.  I have to reconstruct the X509
structure externally.

I have everything but the signature and its algorithm.

How can I programmatically set these values?

What I do now is:

- X509_ALGOR_set0() to set the x509->cert_info->signature and
x509->sigalg members with OBJ_nid2obj(NID_sha256WithRSAEncryption)

- free the x509->signature->data, malloc one of the right size, set
x509->signature->length and memcpy the signature

Is there a better way?

It feels like this requires a lot of peering inside structures, and I
suspect it will need a rework for OpenSSL 1.1.
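
An added example, not part of the original post and not OpenSSL code: one way to avoid touching the X509 struct members is to assemble the outer Certificate DER directly from the encoded TBSCertificate and the HSM's signature. It assumes sha256WithRSAEncryption as in the post and that the TBSCertificate DER is already available (for instance from i2d_re_X509_tbs()); `cert_assemble` and the helper names are hypothetical.

```c
#include <stdio.h>
#include <string.h>
/* DER AlgorithmIdentifier: sha256WithRSAEncryption (1.2.840.113549.1.1.11), NULL params */
static const unsigned char SHA256_RSA_ALG[] = {
    0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
    0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00 };

/* Octets needed for a DER definite length. */
static size_t der_len_size(size_t len) {
    size_t n = 1;
    if (len >= 0x80) for (; len != 0; len >>= 8) n++;
    return n;
}

/* Write tag and DER length at out; returns bytes written. */
static size_t der_put_header(unsigned char *out, unsigned char tag, size_t len) {
    size_t n = der_len_size(len), i;
    out[0] = tag;
    if (n == 1) { out[1] = (unsigned char)len; return 2; }
    out[1] = (unsigned char)(0x80 | (n - 1));
    for (i = n - 1; i >= 1; i--) { out[1 + i] = (unsigned char)(len & 0xff); len >>= 8; }
    return 1 + n;
}

/* Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue BIT STRING }
 * The outer algorithm must equal the one already inside tbs (RFC 5280, 4.1.1.2).
 * Returns the DER length, or 0 if the input is rejected or out is too small. */
size_t cert_assemble(const unsigned char *tbs, size_t tbs_len, const unsigned char *sig,
                     size_t sig_len, unsigned char *out, size_t out_cap) {
    size_t bits_len = sig_len + 1, body, total, p;   /* +1: unused-bits octet */
    if (tbs_len < 2 || tbs_len > 0xFFFFFF || tbs[0] != 0x30) return 0;
    if (sig_len == 0 || sig_len > 0xFFFFFF) return 0;   /* bounds keep the sums from wrapping */
    body = tbs_len + sizeof(SHA256_RSA_ALG) + 1 + der_len_size(bits_len) + bits_len;
    total = 1 + der_len_size(body) + body;
    if (total > out_cap) return 0;
    p = der_put_header(out, 0x30, body);
    memcpy(out + p, tbs, tbs_len);                           p += tbs_len;
    memcpy(out + p, SHA256_RSA_ALG, sizeof(SHA256_RSA_ALG)); p += sizeof(SHA256_RSA_ALG);
    p += der_put_header(out + p, 0x03, bits_len);
    out[p++] = 0x00;                  /* signature is a whole number of octets */
    memcpy(out + p, sig, sig_len);                           p += sig_len;
    return p;
}

int main(void) {  /* constructed stand-ins, not real certificate data */
    unsigned char tbs[] = { 0x30, 0x03, 0x02, 0x01, 0x00 }, sig[256], out[512];
    memset(sig, 0xAA, sizeof(sig));
    printf("%zu\n", cert_assemble(tbs, sizeof(tbs), sig, sizeof(sig), out, sizeof(out)));
    return 0;
}
```

The resulting buffer can be handed to d2i_X509() and checked with X509_verify() against the HSM's public key, which confirms the signature really covers the TBSCertificate bytes that were supplied.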