Skip to content

A small bug of using "openssl x509 -req ..." to self sign a SM2 certificate #11241

@Neo-ZK

Description

@Neo-ZK

I'd like to use openssl to self-sign a sm2 certificate like this way:
"openssl x509 -req -in sm2.csr.pem -signkey sm2.key.pem -out sm2.cert.pem "

but it would give me a problem:
"Request self-signature did not match the certificate request"

Actually this problem is caused by signing sm2 cert without seting a sm2-id. I'd like to fix this problem and make a pull request.

When the problem is solved, the usage looks would like this(similar to pr9085-https://github.com/openssl/openssl/pull/9085):
"openssl x509 -req -in sm2.csr.pem -signkey sm2.key.pem -out sm2.cert.pem -sm3 -sm2-id 1234567812345678 -sigopt "sm2_id:1234567812345678""

Metadata

Metadata

Assignees

No one assigned

    Labels

    issue: bug reportThe issue was opened to report a bug

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions