[openssl-users] Help finding replacement for ASN1_seq_unpack_X509

Dr. Stephen Henson steve at openssl.org
Tue Jul 19 22:10:01 UTC 2016

On Tue, Jul 19, 2016, Jim Carroll wrote:

> OpenSSL 1.1.0 has upgraded the safestack.h macro system, but I'm having
> difficulty understanding the changes. I'm porting a piece of code from
> OpenSSL 0.9.8 that uses ASN1_seq_unpack_X509. In 0.9.8, safestack.h had this
> definition.
> #define ASN1_seq_unpack_X509(buf, len, d2i_func, free_func) \
>         SKM_ASN1_seq_unpack(X509, (buf), (len), (d2i_func), (free_func))
> Could anyone point me in the right direction and how this needs to be
> adapted?

Ah, that uses some ancient stuff which is originally from OpenSSL 0.9.6. For
1.1.0 this has changed. You need to create a typedef for a STACK_OF(X509) and
then define ASN.1 functions for it for a SEQUENCE OF X509. That is a lot
easier than it sounds. This should do it:

#include <openssl/x509.h>
#include <openssl/asn1t.h>

typedef STACK_OF(X509) SEQ_CERT;



This defines a function d2i_SEQ_CERT() which replaces the original macro.

Note that this construct should also work in earlier versions of OpenSSL too
including 0.9.8.

Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

More information about the openssl-users mailing list