OpenSSL CSR parse command display Version Unknown

[raviteja-b]

While parsing CSR using openssl command line noticed version field shows as Unknown.

openssl req -in csrv1.txt -noout -text
Certificate Request:
    Data:
        Version: Unknown (1)
        Subject: L = new town, CN = new system, C = US, algorithm = RSA, extendedKeyUsage = ServerAuthentication, O =TEST, OU = TestOrg, ST = new jersey
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)

Openssl version used

openssl version
OpenSSL 3.0.10 

The same CSR shows correct version with old version of OpenSSL 1.1.1k

CSR version set to 1 using X509_REQ_set_version(x509Req.get(), nVersion);

[raviteja-b]

why version field of CSR is shown as Unknown with latest openssl ?

[davidben]

CSR version set to 1 using X509_REQ_set_version(x509Req.get(), nVersion);

This code snippet is not sufficient to see what you did because you did not provide the value of nVersion. That said, I can guess as to what went wrong. Your code is incorrect. In fact, a compliant CSR parser would refuse to parse your structure altogether, not just print "Unknown".

1 is not the correct version number for a CSR. CSR versions are defined as:

version       INTEGER { v1(0) } (v1,...),

https://www.rfc-editor.org/rfc/rfc2986.html#section-4

This means a version v1 CSR actually has value zero. You should be using the constant X509_REQ_VERSION_1, not 1. Better yet, just don't call X509_REQ_set_version at all because there is only one CSR version defined, so you can and should just leave it at the default.