[openssl-users] Help finding replacement for ASN1_seq_unpack_X509
Dr. Stephen Henson
steve at openssl.org
Thu Jul 21 19:00:03 UTC 2016
On Thu, Jul 21, 2016, Jim Carroll wrote:
> Steve,
>
> I ran into problems with swig when I tried to deploy your suggestion. Your
> solution was slick pre-processor magic and I was having difficulty
> reversing the magic to troubleshoot swig (and I was a little shy about
> admitting I didn't understand your suggestion).
>
Well there are various things going on underneath which can be hard to follow
if you aren't used to them. Here's a bit more detail about what is going on.

Initially we just include the necessary headers:

    #include <openssl/x509.h>
    #include <openssl/asn1t.h>

ASN.1 encode/decode routines generally use a structure name. We have
STACK_OF(X509) but no name for that so we can make one up which I call
SEQ_CERT:

    typedef STACK_OF(X509) SEQ_CERT;

The next bit defines an ASN.1 module structure which says the SEQ_CERT is
a SEQUENCE OF X509:

    ASN1_ITEM_TEMPLATE(SEQ_CERT) =
        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, SeqCert, X509)
    ASN1_ITEM_TEMPLATE_END(SEQ_CERT)

Here SEQ_CERT is the structure name which that macro defines as a SEQUENCE OF
X509. The "SeqCert" is just a string that is used as a name in the definition:
it can be anything.

Now that's all very well but it doesn't actually define any functions. The bit
that does that is this:

    IMPLEMENT_ASN1_FUNCTIONS(SEQ_CERT)

This implements four functions but we're only interested in the encode and
decode ones which look like this:

    int i2d_SEQ_CERT(SEQ_CERT *a, unsigned char **pp);
    SEQ_CERT *d2i_SEQ_CERT(SEQ_CERT **a, const unsigned char **pp, long length);

These behave like regular ASN.1 functions: you pass in SEQ_CERT, which is
STACK_OF(X509), to i2d_SEQ_CERT and it encodes the result as a SEQUENCE
OF X509, which is the same format as the original.

Similarly you can decode using d2i_SEQ_CERT() and get back a STACK_OF(X509).

If you have this in a separate module you can declare the new functions (e.g.
in a header file) with:

    DECLARE_ASN1_FUNCTIONS(SEQ_CERT)

Hope that helps. If you have any further problems let me know.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org