[openssl-dev] Fwd: Re: [openssl-users] Duplicating const X509_NAME
Matt Caswell
matt at openssl.org
Tue Nov 8 13:10:00 UTC 2016
On 08/11/16 12:41, Sascha Steinbiss wrote:
> Dear OpenSSL developer team,
>
> following up on the discussion quoted below on the openssl-users ML I
> would like to ask your opinions on adding an OCSP_resp_get1_id() function:
>
> int OCSP_resp_get1_id(const OCSP_BASICRESP *bs,
> ASN1_OCTET_STRING **pid,
> X509_NAME **pname);
>
> to allow API users to obtain non-const values from responses to pass on
> to downstream functions. Please also see my commit
> https://github.com/satta/openssl/commit/4392b12a0caa8f8e7df0bb6e1c94de7f744407ba
> implementing this. Looking forward to some comments -- if you are OK
> with it I would be happy to file a pull request. My CLA has been signed
> and emailed to OpenSSL Foundation's legal team.
Just go ahead and file a pull request anyway...that's the best way of
getting comments. If changes are needed you can update the PR as required.
>
> Unfortunately I could not find any existing tests for the get0
> counterpart in the OpenSSL source. Did I miss something? That's the
> reason why I haven't included tests yet, having read the contributor's
> guide.
Hmmm, there doesn't seem to be anything. You could probably add
something to test_tlsext_status_type() to test/sslapitest.c.
Matt
>
> Thanks and kind regards
> Sascha
>
>
> -------- Forwarded Message --------
> Subject: Re: [openssl-users] Duplicating const X509_NAME
> Date: Mon, 7 Nov 2016 12:54:03 -0600
> From: Benjamin Kaduk <bkaduk at akamai.com>
> Reply-To: openssl-users at openssl.org
> To: openssl-users at openssl.org
>
>
>
> On 11/07/2016 05:42 AM, Sascha Steinbiss wrote:
>> Hi all,
>>
>> I was wondering how to properly make a clone of a const X509_NAME in
>> OpenSSL 1.1?
>>
>> In particular, I am obtaining a const X509_NAME* via OCSP_resp_get0_id()
>> and would like to pass it to X509_find_by_subject() which takes a
>> X509_NAME* (non-const). I looked into using X509_NAME_dup() to obtain a
>> local copy -- which looked like the obvious approach -- but that also
>> only takes a non-const parameter.
>>
>> Any ideas? With
>>
>
> Hmm, seems like there may be a need for get1-style accessors, then.
> Supposedly missing accessors will get backported from master to the 1.1
> branch (though making it in time for 1.1.0c later this week could be
> tough). It might be worth filing a pull request with such things.
>
> -Ben
>
>
>