Alternative for structure opaque X509 & X509_STORE_CTX
Matt Caswell
matt at openssl.org
Tue Oct 5 07:50:25 UTC 2021
On 05/10/2021 05:24, Shivakumar Poojari wrote:
> :error: invalid use of incomplete type 'X509' {aka 'struct x509_st'}
> if (x->ocsp && x->ocsp->ocsp_url)
Strangely there is no ocsp field in an x509_st even in 1.0.2 that I can see.
>
> :error: invalid use of incomplete type 'X509' {aka 'struct x509_st'}
> if(cert->sig_alg)
>
> :types.h:157:16: note: forward declaration of 'X509' {aka 'struct x509_st'}
> typedef struct x509_st X509;
>
> error: invalid use of incomplete type 'X509' {aka 'struct x509_st'}
> sigAlg = OBJ_obj2nid((cert)->sig_alg->algorithm);
sig_alg is an X509_ALGOR structure which you get can using
X509_get0_signature().
>
> error: invalid use of incomplete type 'X509_STORE_CTX' {aka 'struct
> x509_store_ctx_st'}
> x = ctx->cert;
X509_STORE_CTX_get_current_cert()
> ^~
> types.h:165:16: note: forward declaration of 'X509_STORE_CTX' {aka
> 'struct x509_store_ctx_st'}
> typedef struct x509_store_ctx_st X509_STORE_CTX;
> ^~~~~~~~~~~~~~~~~
>
> error: invalid use of incomplete type 'X509_STORE_CTX' {aka 'struct
> x509_store_ctx_st'}
> ctx->current_cert = x;
X509_STORE_CTX_set_current_cert()
> ^~
>
> error: invalid use of incomplete type 'X509_STORE_CTX' {aka 'struct
> x509_store_ctx_st'}
> ctx->current_issuer = NULL;
> ^~
>
> error: invalid use of incomplete type 'X509_STORE_CTX' {aka 'struct
> x509_store_ctx_st'}
> ctx->current_crl_score = 0;
> ^~
>
> types.h:165:16: note: forward declaration of 'X509_STORE_CTX' {aka
> 'struct x509_store_ctx_st'}
> typedef struct x509_store_ctx_st X509_STORE_CTX;
> ^~~~~~~~~~~~~~~~~
>
> types.h:165:16: note: forward declaration of 'X509_STORE_CTX' {aka
> 'struct x509_store_ctx_st'}
> typedef struct x509_store_ctx_st X509_STORE_CTX;
> ^~~~~~~~~~~~~~~~~
> /sonus/p4/ws/spoojari/openssl3/marlin/SIPCM/sipCmOpenSSL.c:3268:8:
> error: invalid use of incomplete type 'X509_STORE_CTX' {aka 'struct
> x509_store_ctx_st'}
> ctx->current_reasons = 0;
These fields can't be set individually. You have to reset the whole
X509_STORE_CTX, e.g. via X509_STORE_CTX_init.
> ^~
>
> error: invalid use of incomplete type 'X509_STORE_CTX' {aka 'struct
> x509_store_ctx_st'}
> ctx->error = 0;
X509_STORE_CTX_set_error()
> ^~
> error: invalid use of incomplete type 'X509' {aka 'struct x509_st'}
> if (px->ocsp && (px->ocsp->ocsp_validate ==
> X509_OCSP_VALIDATE_DISABLED))
> ^~
>
> error: invalid use of incomplete type 'X509_STORE_CTX' {aka 'struct
> x509_store_ctx_st'}
> if (!ctx->ctx->ocsp_process_responder)
> ^~
>
> error: invalid use of incomplete type 'X509_STORE_CTX' {aka 'struct
> x509_store_ctx_st'}
> store = ctx->ctx;
>
Use X509_STORE_CTX_get0_store() to get ctx->ctx. I can't find the field
"ocsp_process_responder"
^~
>
> error: invalid use of incomplete type 'X509_STORE_CTX' {aka 'struct
> x509_store_ctx_st'}
> ok = ctx->verify_cb(0, ctx);
X509_STORE_get_verify_cb()
> ^~
> Getting above error in the code, Please provide the document that which
> function i can use to resolve this errors.
>
> Thanks,
> Shiva kumar
>
> Notice: This e-mail together with any attachments may contain
> information of Ribbon Communications Inc. and its Affiliates that is
> confidential and/or proprietary for the sole use of the intended
> recipient. Any review, disclosure, reliance or distribution by others or
> forwarding without express permission is strictly prohibited. If you are
> not the intended recipient, please notify the sender immediately and
> then delete all copies, including any attachments.
More information about the openssl-users
mailing list