how to set flags in X509_NAME_ENTRY in OpenSSL 1.1.1

Viktor Dukhovni openssl-users at
Tue Jun 18 05:36:49 UTC 2019

On Mon, Jun 17, 2019 at 09:19:41PM -0700, Lisa Matias wrote:

> X509_NAME_ENTRY *nameEntry;
> nameEntry = X509_NAME_ENTRY_create_by_NID (&nameEntry, nid,
>                         derTagToVType (tag), buffer, bufferLength);
> *nameEntry->value->flags = specifiedFlags;*

Can you be a bit more explicit about why you need to do this?
What flags do you intend to set and why?

That said, you can use:

    ASN1_STRING *X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne);

to get the ASN1_STRING holding the value, and since ASN1_STRINGs
are not opaque types, you can just use:

	value->flags = ...

asuming that's a sensible thing to do.  You may however be straying
into undocumented behaviour, and so it might be good to know whether
perhaps there's a better way of getting the result you actually want.


More information about the openssl-users mailing list