Matt Caswell matt at
Wed Nov 13 17:32:11 UTC 2019

On 13/11/2019 17:20, Jason Schultz wrote:
> Hello-
> I am updating my Linux application from using OpenSSL 1.0.2 to 1.1.1 in
> preparation for OpenSSL 3.0 (and of course the EOL of 1.0.2). I'm
> confused about the function in the subject line as well as other,
> related sk_X509_* functions. 
> My code has always used these functions, and currently my code compiles
> and runs successfully against 1.1.1. I was sort of doing an audit of my
> code, evaluating the API calls that have changed vs not changed when I
> noticed these functions. I searched for them in the 1.1.1 source. They
> don't exist, except where called in x509_lu.c. In the 1.0.2 code base,
> they are called in the same file, as well as are defined in a header,
> /include/openssl/safestack.h.
> My question is, how are those symbols in my application being resolved
> since they are no longer found in the safestack.h header file? 
> My system previously had OpenSSL 1.0.2 installed when I installed 1.1.1,
> but I don't think I have any old headers around that are being found
> when I compile and link. But for some reason this works. They obviously
> work within the OpenSSL 1.1.1 code also. 
> I'm thinking I could be missing something basic about the compile/link
> process that explains this. Any ideas? 

In the header file openssl/x509_vfy.h you will see this line:


That macro is defined inside safestack.h and generates all the sk_*_*()
functions (as inline functions).


> Thanks in advance.

More information about the openssl-users mailing list