[openssl-dev] [openssl.org #4274] OpenSSL 1.1 X509_NAME_der()
Howard Chu via RT
rt at openssl.org
Fri Jan 29 19:14:50 UTC 2016
Stephen Henson via RT wrote:
> On Fri Jan 29 17:35:05 2016, steve wrote:
>> On Fri Jan 29 15:08:47 2016, hyc at highlandsun.com wrote:
>>> Howard Chu via RT wrote:
>>>> In OpenLDAP we reference X509_NAME->bytes->data directly, we want the DER
>>>> bytes which we then pass thru our own DN validator/formatter. This no
>>>> longer works with OpenSSL 1.1 and I don't see any provided method to
>>>> return the DER bytes. I don't want a malloc'd copy, I just want read-only
>>>> access to the bytes already cached inside the X509_NAME structure.
>>>>
>>>> The attached patch would be sufficient to meet this requirement.
>>>
>>> We are tracking this here as well:
>>>
>>> http://www.openldap.org/its/index.cgi/Development?id=8353
>>
>> I'd rather we didn't return a pointer to the internal BUF_MEM as we might
>> want to change that at some point.
>>
>> Would a function like:
>>
>> int X509_NAME_der(const X509_NAME *nm, const char **pder);
>>
>> be suitable for your needs?
>>
>
> Thinking about it, a better name to comply with our naming convention would be
> X509_NAME_get0_der.
Just to be clear - in our use case we already know the length. But if the
function you're proposing is returning only a success/error code, then the
function should probably also provide the length as a return parameter, for
more general users.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
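The thread's point is that a borrowed pointer to the cached DER bytes is only usable by a general consumer together with their length, since DER is binary and carries no terminator; the accessor OpenSSL 1.1.0 eventually shipped, X509_NAME_get0_der(nm, &der, &derlen), returns both. The following is an added example, not OpenSSL or OpenLDAP code: a small, self-contained DER Name walker of the kind a DN validator would sit on top of. It assumes the caller already holds a (pointer, length) pair as such an accessor would hand out, checks that the length matches the outer SEQUENCE exactly, bounds-checks every TLV, and rejects non-minimal length encodings. SAMPLE_NAME_DER, EMPTY_NAME_DER and the OID_* constants are constructed test data; all function names are this example's own.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Read one DER TLV header from p[0..len). On success store the tag, the header
 * size (tag + length octets) and the value length, and return 1. Return 0 if
 * the header or value runs past len, or the length is not minimally encoded. */
int der_read_tlv(const unsigned char *p, size_t len,
                 unsigned char *tag, size_t *hdr, size_t *vlen)
{
    size_t i = 0, l = 0;
    if (len < 2)
        return 0;
    *tag = p[i++];
    if (p[i] < 0x80) {
        l = p[i++];                          /* short form: one length octet */
    } else {
        size_t n = p[i++] & 0x7F, k;         /* long form: n length octets follow */
        if (n == 0 || n > sizeof(size_t) || n > len - i)
            return 0;
        for (k = 0; k < n; k++)
            l = (l << 8) | p[i++];
        if (l < 0x80 || (n > 1 && (l >> (8 * (n - 1))) == 0))
            return 0;                        /* non-minimal length is not DER */
    }
    if (l > len - i)
        return 0;                            /* value would overrun the buffer */
    *hdr = i;
    *vlen = l;
    return 1;
}

/* Count the RDNs (SETs) in a DER Name. Returns -1 if the bytes are malformed or
 * if len does not match the outer SEQUENCE exactly (truncated or trailing data). */
int der_name_count_rdns(const unsigned char *der, size_t len)
{
    unsigned char tag; size_t hdr, vlen; int count = 0;
    if (!der_read_tlv(der, len, &tag, &hdr, &vlen) || tag != 0x30 || hdr + vlen != len)
        return -1;
    for (const unsigned char *p = der + hdr, *end = der + len; p < end; p += hdr + vlen) {
        if (!der_read_tlv(p, (size_t)(end - p), &tag, &hdr, &vlen) || tag != 0x31 || vlen == 0)
            return -1;                       /* each RDN is a non-empty SET */
        count++;
    }
    return count;
}

/* Find the first AttributeValue whose type matches the given OID content bytes.
 * On success set *pval/*plen to the value's content (borrowed, NOT NUL-terminated). */
int der_name_find_attr(const unsigned char *der, size_t len,
                       const unsigned char *oid, size_t oidlen,
                       const unsigned char **pval, size_t *plen)
{
    unsigned char tag; size_t hdr, vlen;
    if (!der_read_tlv(der, len, &tag, &hdr, &vlen) || tag != 0x30 || hdr + vlen != len)
        return 0;
    for (const unsigned char *p = der + hdr, *end = der + len; p < end; ) {      /* RDN: SET */
        if (!der_read_tlv(p, (size_t)(end - p), &tag, &hdr, &vlen) || tag != 0x31)
            return 0;
        const unsigned char *q = p + hdr, *set_end = q + vlen;
        while (q < set_end) {                /* AttributeTypeAndValue: SEQUENCE { OID, value } */
            if (!der_read_tlv(q, (size_t)(set_end - q), &tag, &hdr, &vlen) || tag != 0x30)
                return 0;
            const unsigned char *a = q + hdr, *atv_end = a + vlen, *o;
            unsigned char t2; size_t h2, l2, olen;
            if (!der_read_tlv(a, (size_t)(atv_end - a), &t2, &h2, &l2) || t2 != 0x06)
                return 0;
            o = a + h2; olen = l2; a += h2 + l2;
            if (!der_read_tlv(a, (size_t)(atv_end - a), &t2, &h2, &l2) || a + h2 + l2 != atv_end)
                return 0;                    /* exactly one value must fill the rest */
            if (olen == oidlen && memcmp(o, oid, oidlen) == 0) {
                *pval = a + h2; *plen = l2;
                return 1;
            }
            q = atv_end;
        }
        p = set_end;
    }
    return 0;
}

/* 1 if the first value for oid equals expected byte-for-byte (length compared, no strcmp). */
int der_name_attr_equals(const unsigned char *der, size_t len,
                         const unsigned char *oid, size_t oidlen, const char *expected)
{
    const unsigned char *v; size_t n;
    if (!der_name_find_attr(der, len, oid, oidlen, &v, &n))
        return 0;
    return n == strlen(expected) && memcmp(v, expected, n) == 0;
}

/* Constructed sample: Name { SET { CN=test }, SET { O=Example } } and an empty Name. */
static const unsigned char SAMPLE_NAME_DER[] = {
    0x30, 0x21,
      0x31, 0x0D, 0x30, 0x0B, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x04, 't','e','s','t',
      0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x07, 'E','x','a','m','p','l','e'
};
static const unsigned char EMPTY_NAME_DER[] = { 0x30, 0x00 };
static const unsigned char OID_CN[] = { 0x55, 0x04, 0x03 };   /* 2.5.4.3  */
static const unsigned char OID_O[]  = { 0x55, 0x04, 0x0A };   /* 2.5.4.10 */
static const unsigned char OID_C[]  = { 0x55, 0x04, 0x06 };   /* 2.5.4.6  */

int main(void)
{
    const unsigned char *cn; size_t cnlen;
    printf("RDNs: %d\n", der_name_count_rdns(SAMPLE_NAME_DER, sizeof(SAMPLE_NAME_DER)));
    if (der_name_find_attr(SAMPLE_NAME_DER, sizeof(SAMPLE_NAME_DER), OID_CN, sizeof(OID_CN), &cn, &cnlen))
        printf("CN=%.*s\n", (int)cnlen, cn);  /* value is not NUL-terminated: print with its length */
    return 0;
}
```

The exact-length check in both walkers is the practical reason for the length out-parameter Howard asks for: a consumer holding only a pointer cannot tell a truncated Name from a complete one, whereas with the length it can reject a buffer that is one byte short before reading anything past it.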