[openssl-users] OpenSSL 1.1.0: No X509_STORE_CTX_set_cert_crl() function?
Stephan Mühlstrasser
stm at pdflib.com
Fri Jun 15 13:45:26 UTC 2018
Hi,
while porting from OpenSSL 1.0.2. to OpenSSL 1.1.0 I ran into the
following problem:
With OpenSSL 1.0.2. I plugged into the certificate verification
mechanism in order to capture the X509_CRL that was used to validate a
certificate. The original function pointer stored in the cert_crl member
of a X509_STORE_CTX structure was saved, and another function was
assigned to the cert_crl member that called the saved original cert_crl
function and then performed additional operations with the X509_CRL
structure.
It looks like in OpenSSL 1.1.0 I can no longer do that. There are only
functions available that return various function pointers from a
X509_STORE_CTX structure (like X509_STORE_CTX_get_cert_crl), but there
are no corresponding counterparts to set the function pointers.
Is this intentional, or is this an omission in OpenSSL 1.1.0? If this is
intentional, how could I reproduce the funtionality without having to
duplicate the code in the static cert_crl() function in x509_vfy.c?
Thanks
Stephan
More information about the openssl-users
mailing list