[openssl-users] Fwd: Re: Duplicating const X509_NAME

Sascha Steinbiss satta at debian.org
Tue Nov 8 12:41:15 UTC 2016

Dear OpenSSL developer team,

following up on the discussion quoted below on the openssl-users ML I
would like to ask your opinions on adding a OCSP_resp_get1_id() function:

int OCSP_resp_get1_id(const OCSP_BASICRESP *bs,
                      ASN1_OCTET_STRING **pid,
                      X509_NAME **pname);

to allow API users to obtain non-const values from responses to pass on
to downstream functions. Please also see my commit
implementing this. Looking forward to some comments -- if you are OK
with it I would be happy to file a pull request. My CLA has been signed
and emailed to OpenSSL Foundation's legal team.

Unfortunately I could not find any existing tests for the get0
counterpart in the OpenSSL source. Did I miss something? That's the
reason why I haven't included tests yet, having read the contributor's

Thanks and kind regards

-------- Forwarded Message --------
Subject: 	Re: [openssl-users] Duplicating const X509_NAME
Date: 	Mon, 7 Nov 2016 12:54:03 -0600
From: 	Benjamin Kaduk <bkaduk at akamai.com>
Reply-To: 	openssl-users at openssl.org
To: 	openssl-users at openssl.org

On 11/07/2016 05:42 AM, Sascha Steinbiss wrote:
> Hi all,
> I was wondering how to properly make a clone of a const X509_NAME in
> OpenSSL 1.1?
> In particular, I am obtaining a const X509_NAME* via OCSP_resp_get0_id()
> and would like to pass it to X509_find_by_subject() which takes a
> X509_NAME* (non-const). I looked into using X509_NAME_dup() to obtain a
> local copy -- which looked like the obvious approach -- but that also
> only takes a non-const parameter.
> Any ideas? With

Hmm, seems like there may be a need for get1-style accessors, then.
Supposedly missing accessors will get backported from master to the 1.1
branch (though making it in time for 1.1.0c later this week could be
tough).  It might be worth filing a pull request with such things.

-------------- next part --------------
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

More information about the openssl-users mailing list