[openssl-dev] [openssl.org #4274] OpenSSL 1.1 X509_NAME_der()

Stephen Henson via RT rt at openssl.org
Fri Jan 29 17:36:21 UTC 2016


On Fri Jan 29 17:35:05 2016, steve wrote:
> On Fri Jan 29 15:08:47 2016, hyc at highlandsun.com wrote:
> > Howard Chu via RT wrote:
> > > In OpenLDAP we reference X509_NAME->bytes->data directly, we want the DER
> > > bytes which we then pass thru our own DN validator/formatter. This no longer
> > > works with OpenSSL 1.1 and I don't see any provided method to return the DER
> > > bytes. I don't want a malloc'd copy, I just want read-only access to the bytes
> > > already cached inside the X509_NAME structure.
> > >
> > > The attached patch would be sufficient to meet this requirement.
> >
> > We are tracking this here as well:
> >
> > http://www.openldap.org/its/index.cgi/Development?id=8353
>
>
> I'd rather we didn't return a pointer to the internal BUF_MEM as we might want
> to change that at some point.
>
> Would a function like:
>
> int X509_NAME_der(const X509_NAME *nm, const char **pder);
>
> be suitable for your needs?
>

Thinking about it, a better name to comply with our naming convention would be
X509_NAME_get0_der.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org


