5
이 섹션을 인증서에 추가하려면 어떻게합니까 (C++을 사용하여 수동으로 작성해야합니다). OpenSSL 인증서에 키 식별자가 없습니다.
X509v3 Subject Key Identifier:
A4:F7:38:55:8D:35:1E:1D:4D:66:55:54:A5:BE:80:25:4A:F0:68:D0
X509v3 Authority Key Identifier:
keyid:A4:F7:38:55:8D:35:1E:1D:4D:66:55:54:A5:BE:80:25:4A:F0:68:D0
static X509 * GenerateSigningCertificate(EVP_PKEY* pKey)
{
X509 *x;
x = X509_new(); //create x509 certificate
X509_set_version(x, NID_X509);
ASN1_INTEGER_set(X509_get_serialNumber(x), 0x00000000); //set serial number
X509_gmtime_adj(X509_get_notBefore(x), 0);
X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*365); //1 year
X509_set_pubkey(x, pKey); //set pub key from just generated rsa
X509_NAME *name;
name = X509_get_subject_name(x);
NAME_StringField(name, "C", "LV");
NAME_StringField(name, "CN", "Point"); //common name
NAME_StringField(name, "O", "Point"); //organization
X509_set_subject_name(x, name); //save name fields to certificate
X509_set_issuer_name(x, name); //save name fields to certificate
X509_EXTENSION *ex;
ex = X509V3_EXT_conf_nid(NULL, NULL, NID_netscape_cert_type, "server");
X509_add_ext(x,ex,-1);
X509_EXTENSION_free(ex);
ex = X509V3_EXT_conf_nid(NULL, NULL, NID_netscape_comment, "example comment extension");
X509_add_ext(x, ex, -1);
X509_EXTENSION_free(ex);
ex = X509V3_EXT_conf_nid(NULL, NULL, NID_netscape_ssl_server_name, "www.lol.lv");
X509_add_ext(x, ex, -1);
X509_EXTENSION_free(ex);
ex = X509V3_EXT_conf_nid(NULL, NULL, NID_basic_constraints, "critical,CA:TRUE");
X509_add_ext(x, ex, -1);
X509_EXTENSION_free(ex);
X509_sign(x, pKey, EVP_sha1()); //sign x509 certificate
return x;
}
에 다음 줄을 추가 : 사람으로이보고 샘플 코드,이 호출은 "X509_set_version (x, NID_X509);" 잘못되었습니다 "X509_set_version (x, 2);" – Wheezil