[openssl-users] Fwd: Re: Duplicating const X509_NAME

Sascha Steinbiss satta at debian.org
Tue Nov 8 12:41:15 UTC 2016


Dear OpenSSL developer team,

following up on the discussion quoted below on the openssl-users ML I
would like to ask your opinions on adding a OCSP_resp_get1_id() function:

int OCSP_resp_get1_id(const OCSP_BASICRESP *bs,
                      ASN1_OCTET_STRING **pid,
                      X509_NAME **pname);

to allow API users to obtain non-const values from responses to pass on
to downstream functions. Please also see my commit
https://github.com/satta/openssl/commit/4392b12a0caa8f8e7df0bb6e1c94de7f744407ba
implementing this. Looking forward to some comments -- if you are OK
with it I would be happy to file a pull request. My CLA has been signed
and emailed to OpenSSL Foundation's legal team.

Unfortunately I could not find any existing tests for the get0
counterpart in the OpenSSL source. Did I miss something? That's the
reason why I haven't included tests yet, having read the contributor's
guide.

Thanks and kind regards
Sascha


-------- Forwarded Message --------
Subject: 	Re: [openssl-users] Duplicating const X509_NAME
Date: 	Mon, 7 Nov 2016 12:54:03 -0600
From: 	Benjamin Kaduk <bkaduk at akamai.com>
Reply-To: 	openssl-users at openssl.org
To: 	openssl-users at openssl.org



On 11/07/2016 05:42 AM, Sascha Steinbiss wrote:
> Hi all,
>
> I was wondering how to properly make a clone of a const X509_NAME in
> OpenSSL 1.1?
>
> In particular, I am obtaining a const X509_NAME* via OCSP_resp_get0_id()
> and would like to pass it to X509_find_by_subject() which takes a
> X509_NAME* (non-const). I looked into using X509_NAME_dup() to obtain a
> local copy -- which looked like the obvious approach -- but that also
> only takes a non-const parameter.
>
> Any ideas? With
>

Hmm, seems like there may be a need for get1-style accessors, then.
Supposedly missing accessors will get backported from master to the 1.1
branch (though making it in time for 1.1.0c later this week could be
tough).  It might be worth filing a pull request with such things.

-Ben
-------------- next part --------------
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users



More information about the openssl-users mailing list