[openssl-dev] Fwd: Re: [openssl-users] Duplicating const X509_NAME

Matt Caswell matt at openssl.org
Tue Nov 8 13:10:00 UTC 2016



On 08/11/16 12:41, Sascha Steinbiss wrote:
> Dear OpenSSL developer team,
> 
> following up on the discussion quoted below on the openssl-users ML I
> would like to ask your opinions on adding an OCSP_resp_get1_id() function:
> 
> int OCSP_resp_get1_id(const OCSP_BASICRESP *bs,
>                       ASN1_OCTET_STRING **pid,
>                       X509_NAME **pname);
> 
> to allow API users to obtain non-const values from responses to pass on
> to downstream functions. Please also see my commit
> https://github.com/satta/openssl/commit/4392b12a0caa8f8e7df0bb6e1c94de7f744407ba
> implementing this. Looking forward to some comments -- if you are OK
> with it I would be happy to file a pull request. My CLA has been signed
> and emailed to OpenSSL Foundation's legal team.

Just go ahead and file a pull request anyway...that's the best way of
getting comments. If changes are needed you can update the PR as required.

> 
> Unfortunately I could not find any existing tests for the get0
> counterpart in the OpenSSL source. Did I miss something? That's the
> reason why I haven't included tests yet, having read the contributor's
> guide.

Hmmm, there doesn't seem to be anything. You could probably add
something to test_tlsext_status_type() to test/sslapitest.c.

Matt



> 
> Thanks and kind regards
> Sascha
> 
> 
> -------- Forwarded Message --------
> Subject: 	Re: [openssl-users] Duplicating const X509_NAME
> Date: 	Mon, 7 Nov 2016 12:54:03 -0600
> From: 	Benjamin Kaduk <bkaduk at akamai.com>
> Reply-To: 	openssl-users at openssl.org
> To: 	openssl-users at openssl.org
> 
> 
> 
> On 11/07/2016 05:42 AM, Sascha Steinbiss wrote:
>> Hi all,
>>
>> I was wondering how to properly make a clone of a const X509_NAME in
>> OpenSSL 1.1?
>>
>> In particular, I am obtaining a const X509_NAME* via OCSP_resp_get0_id()
>> and would like to pass it to X509_find_by_subject() which takes an
>> X509_NAME* (non-const). I looked into using X509_NAME_dup() to obtain a
>> local copy -- which looked like the obvious approach -- but that also
>> only takes a non-const parameter.
>>
>> Any ideas? With
>>
> 
> Hmm, seems like there may be a need for get1-style accessors, then.
> Supposedly missing accessors will get backported from master to the 1.1
> branch (though making it in time for 1.1.0c later this week could be
> tough).  It might be worth filing a pull request with such things.
> 
> -Ben
> 
> 
> 

