[openssl-users] Porting to OpenSSL 1.1

[Bernhard Rosenkraenzer]

Hi,
I'm porting some code to OpenSSL 1.1 -- for the most part, it's going well, but there's some things I'm not sure about:

- What replaces a direct access to "sha1_hash" in an X509? (found in Qt 5.7)

So far, haven't come up with a proper alternative to this. Should the code be refactored to use X509_issuer_and_serial_hash (which isn't quite the same, but should still give a unique hash)?
[this is from qHash -- so the purpose really is to get a unique hash of the contents]

- What's the best way to copy an EVP_PKEY?

Also from Qt 5.7:
rsa = RSA_new();
memcpy(rsa, EVP_PKEY_get1_RSA(pkey), sizeof(RSA));
[breaks because sizeof(RSA) is no longer known]
for EC, there's EC_KEY_dup -- for RSA and DSA, not so much.

- What's the proper successor to NETSCAPE_X509? (from kdelibs4support)
I presume this (the method KSSLCertificate::toNetscape()) can just be deleted because nothing should be using Netscape x509 anymore?


Outside of those, all problems I've run into so far were fairly easy to solve.

ttyl
bero
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20161011/5809482a/attachment.html>