[openssl-users] OpenSSL 1.1.0: No X509_STORE_CTX_set_cert_crl() function?
Stephan Mühlstrasser
stm at pdflib.com
Fri Jun 15 14:51:01 UTC 2018
On 15.06.18 at 16:36, Salz, Rich via openssl-users wrote:
> It looks like in OpenSSL 1.1.0 I can no longer do that. There are only
> functions available that return various function pointers from a
> X509_STORE_CTX structure (like X509_STORE_CTX_get_cert_crl), but there
> are no corresponding counterparts to set the function pointers.
>
> This could be viewed as a bug; we had no idea people wanted to *set* various fields. We consider missing accessors/setters in opaque datatypes a bug.
I found the following awkward workaround: I set up a temporary
X509_STORE_CTX object only for the purpose of getting the original
X509_STORE_CTX_cert_crl_fn function pointer that I save somewhere. Then
I call X509_STORE_set_cert_crl to assign my own cert_crl function, from
which later X509_STORE_CTXs created for the X509_STORE will inherit it.
This is the code (minus error checking):
    X509_STORE *my_store = X509_STORE_new();
    /* Temporary context, used only to read the default cert_crl pointer */
    X509_STORE_CTX *ctx = X509_STORE_CTX_new();
    X509_STORE_CTX_init(ctx, NULL, NULL, NULL);
    X509_STORE_CTX_cert_crl_fn original_cert_crl =
        X509_STORE_CTX_get_cert_crl(ctx);
    /* Contexts created later for my_store inherit this callback */
    X509_STORE_set_cert_crl(my_store, my_own_cert_crl);
    X509_STORE_CTX_free(ctx);
Should I file an issue on GitHub about the missing setters?
Thanks
Stephan