[openssl-users] understanding ASN1_item_verify()

Michael Richardson mcr at sandelman.ca
Mon Nov 12 16:20:43 UTC 2018

  my goal is to validate Certificate Signing Requests in ruby.

.. do not seem to exist, but at least
points to such a page.

I'm not sure what this means for this function. It also does not
show up in doc/*, but it is exported in crypto.num.  
Maybe it should not be used by new code?


I was looking at:
  int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r)
    return (ASN1_item_verify(ASN1_ITEM_rptr(X509_REQ_INFO),
                                 &a->sig_alg, a->signature, &a->req_info,

as I'm not sure that I want to build a ruby wrapper for X509_REQ.

I just don't understand ASN1_ITEM_rptr.  My understanding is that
it returns a function (or global) that would be named X509_REQ_INFO_it().

But, how does the "a" argument get connected with this?
I'm thinking that there is some global "current ASN1 thing" that is involved,
but surely that can't be...

If there is any non-generic documentation on X509_REQ_*(), I haven't found it.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 487 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20181112/9dde3b09/attachment.sig>

More information about the openssl-users mailing list