[openssl-users] Help finding replacement for ASN1_seq_unpack_X509
Dr. Stephen Henson
steve at openssl.org
Tue Jul 19 22:10:01 UTC 2016
On Tue, Jul 19, 2016, Jim Carroll wrote:
> OpenSSL 1.1.0 has upgraded the safestack.h macro system, but I'm having
> difficulty understanding the changes. I'm porting a piece of code from
> OpenSSL 0.9.8 that uses ASN1_seq_unpack_X509. In 0.9.8, safestack.h had this
> definition.
>
> #define ASN1_seq_unpack_X509(buf, len, d2i_func, free_func) \
>
> SKM_ASN1_seq_unpack(X509, (buf), (len), (d2i_func), (free_func))
>
> Could anyone point me in the right direction and how this needs to be
> adapted?
>
>
Ah, that uses some ancient stuff which is originally from OpenSSL 0.9.6. For
1.1.0 this has changed. You need to create a typedef for a STACK_OF(X509) and
then define ASN.1 functions for it for a SEQUENCE OF X509. That is a lot
easier than it sounds. This should do it:
#include <openssl/x509.h>
#include <openssl/asn1t.h>
typedef STACK_OF(X509) SEQ_CERT;
ASN1_ITEM_TEMPLATE(SEQ_CERT) =
ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, SeqCert, X509)
ASN1_ITEM_TEMPLATE_END(SEQ_CERT)
IMPLEMENT_ASN1_FUNCTIONS(SEQ_CERT)
This defines a function d2i_SEQ_CERT() which replaces the original macro.
Note that this construct should also work in earlier versions of OpenSSL too
including 0.9.8.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
More information about the openssl-users
mailing list