[EXTERNAL] Re: Alternative for structure opaque X509 & X509_STORE_CTX

Shivakumar Poojari Shivakumar.Poojari at rbbn.com
Tue Oct 5 09:04:47 UTC 2021 

Thanks Matt!!

your suggestions are very helpful.
________________________________
From: Matt Caswell <matt at openssl.org>
Sent: Tuesday, October 5, 2021 1:20 PM
To: Shivakumar Poojari <Shivakumar.Poojari at rbbn.com>; openssl-users at openssl.org <openssl-users at openssl.org>
Cc: Paramashivaiah, Sunil <Sunil.Paramashivaiah at rbbn.com>; Kumar Mishra, Sanjeev <Sanjeev.Kumar-Mishra at rbbn.com>; Bhattacharjee, Debapriyo (c) <dbhattacharjee at rbbn.com>
Subject: [EXTERNAL] Re: Alternative for structure opaque X509 & X509_STORE_CTX



On 05/10/2021 05:24, Shivakumar Poojari wrote:
> :error: invalid use of incomplete type 'X509' {aka 'struct x509_st'}
>       if (x->ocsp && x->ocsp->ocsp_url)

Strangely there is no ocsp field in an x509_st even in 1.0.2 that I can see.


>
> :error: invalid use of incomplete type 'X509' {aka 'struct x509_st'}
>           if(cert->sig_alg)
>
> :types.h:157:16: note: forward declaration of 'X509' {aka 'struct x509_st'}
>   typedef struct x509_st X509;
>
> error: invalid use of incomplete type 'X509' {aka 'struct x509_st'}
>               sigAlg = OBJ_obj2nid((cert)->sig_alg->algorithm);


sig_alg is an X509_ALGOR structure which you get can using
X509_get0_signature().

>
>   error: invalid use of incomplete type 'X509_STORE_CTX' {aka 'struct
> x509_store_ctx_st'}
>       x = ctx->cert;

X509_STORE_CTX_get_current_cert()

>              ^~
> types.h:165:16: note: forward declaration of 'X509_STORE_CTX' {aka
> 'struct x509_store_ctx_st'}
>   typedef struct x509_store_ctx_st X509_STORE_CTX;
>                  ^~~~~~~~~~~~~~~~~
>
> error: invalid use of incomplete type 'X509_STORE_CTX' {aka 'struct
> x509_store_ctx_st'}
>       ctx->current_cert = x;

X509_STORE_CTX_set_current_cert()

>          ^~
>
> error: invalid use of incomplete type 'X509_STORE_CTX' {aka 'struct
> x509_store_ctx_st'}
>       ctx->current_issuer = NULL;
>          ^~
>
> error: invalid use of incomplete type 'X509_STORE_CTX' {aka 'struct
> x509_store_ctx_st'}
>       ctx->current_crl_score = 0;
>          ^~
>
> types.h:165:16: note: forward declaration of 'X509_STORE_CTX' {aka
> 'struct x509_store_ctx_st'}
>   typedef struct x509_store_ctx_st X509_STORE_CTX;
>                  ^~~~~~~~~~~~~~~~~
>
> types.h:165:16: note: forward declaration of 'X509_STORE_CTX' {aka
> 'struct x509_store_ctx_st'}
>   typedef struct x509_store_ctx_st X509_STORE_CTX;
>                  ^~~~~~~~~~~~~~~~~
> /sonus/p4/ws/spoojari/openssl3/marlin/SIPCM/sipCmOpenSSL.c:3268:8:
> error: invalid use of incomplete type 'X509_STORE_CTX' {aka 'struct
> x509_store_ctx_st'}
>       ctx->current_reasons = 0;



These fields can't be set individually. You have to reset the whole
X509_STORE_CTX, e.g. via X509_STORE_CTX_init.


>          ^~
>
> error: invalid use of incomplete type 'X509_STORE_CTX' {aka 'struct
> x509_store_ctx_st'}
>       ctx->error = 0;


X509_STORE_CTX_set_error()

>          ^~
> error: invalid use of incomplete type 'X509' {aka 'struct x509_st'}
>               if (px->ocsp && (px->ocsp->ocsp_validate ==
> X509_OCSP_VALIDATE_DISABLED))
>                     ^~
>
> error: invalid use of incomplete type 'X509_STORE_CTX' {aka 'struct
> x509_store_ctx_st'}
>           if (!ctx->ctx->ocsp_process_responder)
>                   ^~
>
> error: invalid use of incomplete type 'X509_STORE_CTX' {aka 'struct
> x509_store_ctx_st'}
>       store = ctx->ctx;
>

Use X509_STORE_CTX_get0_store() to get ctx->ctx. I can't find the field
"ocsp_process_responder"


                  ^~
>
> error: invalid use of incomplete type 'X509_STORE_CTX' {aka 'struct
> x509_store_ctx_st'}
>           ok = ctx->verify_cb(0, ctx);

X509_STORE_get_verify_cb()


>                   ^~
> Getting above error in the code, Please provide the document that which
> function i can use to resolve this errors.
>
> Thanks,
> Shiva kumar
>
> Notice: This e-mail together with any attachments may contain
> information of Ribbon Communications Inc. and its Affiliates that is
> confidential and/or proprietary for the sole use of the intended
> recipient. Any review, disclosure, reliance or distribution by others or
> forwarding without express permission is strictly prohibited. If you are
> not the intended recipient, please notify the sender immediately and
> then delete all copies, including any attachments.

Notice: This e-mail together with any attachments may contain information of Ribbon Communications Inc. and its Affiliates that is confidential and/or proprietary for the sole use of the intended recipient. Any review, disclosure, reliance or distribution by others or forwarding without express permission is strictly prohibited. If you are not the intended recipient, please notify the sender immediately and then delete all copies, including any attachments.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20211005/65ad809d/attachment-0001.html>

More information about the openssl-users mailing list