[openssl-users] OpenSSL 1.1.0: No X509_STORE_CTX_set_cert_crl() function?

Stephan Mühlstrasser stm at pdflib.com
Fri Jun 15 13:45:26 UTC 2018


While porting from OpenSSL 1.0.2 to OpenSSL 1.1.0 I ran into the 
following problem:

With OpenSSL 1.0.2 I plugged into the certificate verification 
mechanism in order to capture the X509_CRL that was used to validate a 
certificate. The original function pointer stored in the cert_crl member 
of a X509_STORE_CTX structure was saved, and another function was 
assigned to the cert_crl member that called the saved original cert_crl 
function and then performed additional operations with the X509_CRL 

It looks like in OpenSSL 1.1.0 I can no longer do that. There are only 
functions available that return various function pointers from a 
X509_STORE_CTX structure (like X509_STORE_CTX_get_cert_crl), but there 
are no corresponding counterparts to set the function pointers.

Is this intentional, or is this an omission in OpenSSL 1.1.0? If this is 
intentional, how could I reproduce the functionality without having to 
duplicate the code in the static cert_crl() function in x509_vfy.c?

