[EXTERNAL] Re: Alternative for structure opaque X509 & X509_STORE_CTX

Matt Caswell matt at openssl.org
Fri Oct 8 15:11:35 UTC 2021



On 08/10/2021 11:07, Shivakumar Poojari wrote:
> HI Matt,
> 
> For below error i tried your suggestion but return type are different, 
> so facing issue in replacing, remaining suggestion are worked absolutely 
> fine
>>
>> error: invalid use  of incomplete type 'X509_STORE_CTX' {aka 'struct
>> x509_store_ctx_st'}
>>           ok = ctx->verify_cb(0,  ctx);
> 
> X509_STORE_get_verify_cb()
> 

I'm not sure what you mean by the return types are different 
X509_STORE_get_verify_cb, is declared as follows:

     X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE 
*ctx);

Where X509_STORE_CTX_verify_cb is declared as:

     typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *);

So, this code is equivalent to your original code above:

     X509_STORE_CTX_verify_cb verify_cb;

     verify_cb = X509_STORE_get_verify_cb(ctx);
     ok = verify_cb(0, ctx);

Matt


> please suggest.
> 
> Thanks,
> shivakumar
> ------------------------------------------------------------------------
> *From:* Matt Caswell <matt at openssl.org>
> *Sent:* Tuesday, October 5, 2021 1:20 PM
> *To:* Shivakumar Poojari <Shivakumar.Poojari at rbbn.com>; 
> openssl-users at openssl.org <openssl-users at openssl.org>
> *Cc:* Paramashivaiah, Sunil <Sunil.Paramashivaiah at rbbn.com>; Kumar 
> Mishra, Sanjeev <Sanjeev.Kumar-Mishra at rbbn.com>; Bhattacharjee, 
> Debapriyo (c) <dbhattacharjee at rbbn.com>
> *Subject:* [EXTERNAL] Re: Alternative for structure opaque X509 & 
> X509_STORE_CTX
> 
> 
> On 05/10/2021 05:24, Shivakumar Poojari wrote:
>> :error: invalid use of incomplete type 'X509' {aka 'struct x509_st'}
>>       if (x->ocsp && x->ocsp->ocsp_url)
> 
> Strangely there is no ocsp field in an x509_st even in 1.0.2 that I can see.
> 
> 
>> 
>> :error: invalid use of incomplete type 'X509' {aka 'struct x509_st'}
>>           if(cert->sig_alg)
>> 
>> :types.h:157:16: note: forward declaration of 'X509' {aka 'struct x509_st'}
>>   typedef struct x509_st X509;
>> 
>> error: invalid use of incomplete type 'X509' {aka 'struct x509_st'}
>>               sigAlg = OBJ_obj2nid((cert)->sig_alg->algorithm);
> 
> 
> sig_alg is an X509_ALGOR structure which you get can using
> X509_get0_signature().
> 
>> 
>>   error: invalid use of incomplete type 'X509_STORE_CTX' {aka 'struct 
>> x509_store_ctx_st'}
>>       x = ctx->cert;
> 
> X509_STORE_CTX_get_current_cert()
> 
>>              ^~
>> types.h:165:16: note: forward declaration of 'X509_STORE_CTX' {aka 
>> 'struct x509_store_ctx_st'}
>>   typedef struct x509_store_ctx_st X509_STORE_CTX;
>>                  ^~~~~~~~~~~~~~~~~
>> 
>> error: invalid use of incomplete type 'X509_STORE_CTX' {aka 'struct 
>> x509_store_ctx_st'}
>>       ctx->current_cert = x;
> 
> X509_STORE_CTX_set_current_cert()
> 
>>          ^~
>> 
>> error: invalid use of incomplete type 'X509_STORE_CTX' {aka 'struct 
>> x509_store_ctx_st'}
>>       ctx->current_issuer = NULL;
>>          ^~
>> 
>> error: invalid use of incomplete type 'X509_STORE_CTX' {aka 'struct 
>> x509_store_ctx_st'}
>>       ctx->current_crl_score = 0;
>>          ^~
>> 
>> types.h:165:16: note: forward declaration of 'X509_STORE_CTX' {aka 
>> 'struct x509_store_ctx_st'}
>>   typedef struct x509_store_ctx_st X509_STORE_CTX;
>>                  ^~~~~~~~~~~~~~~~~
>> 
>> types.h:165:16: note: forward declaration of 'X509_STORE_CTX' {aka 
>> 'struct x509_store_ctx_st'}
>>   typedef struct x509_store_ctx_st X509_STORE_CTX;
>>                  ^~~~~~~~~~~~~~~~~
>> /sonus/p4/ws/spoojari/openssl3/marlin/SIPCM/sipCmOpenSSL.c:3268:8: 
>> error: invalid use of incomplete type 'X509_STORE_CTX' {aka 'struct 
>> x509_store_ctx_st'}
>>       ctx->current_reasons = 0;
> 
> 
> 
> These fields can't be set individually. You have to reset the whole
> X509_STORE_CTX, e.g. via X509_STORE_CTX_init.
> 
> 
>>          ^~
>> 
>> error: invalid use of incomplete type 'X509_STORE_CTX' {aka 'struct 
>> x509_store_ctx_st'}
>>       ctx->error = 0;
> 
> 
> X509_STORE_CTX_set_error()
> 
>>          ^~
>> error: invalid use of incomplete type 'X509' {aka 'struct x509_st'}
>>               if (px->ocsp && (px->ocsp->ocsp_validate == 
>> X509_OCSP_VALIDATE_DISABLED))
>>                     ^~
>> 
>> error: invalid use of incomplete type 'X509_STORE_CTX' {aka 'struct 
>> x509_store_ctx_st'}
>>           if (!ctx->ctx->ocsp_process_responder)
>>                   ^~
>> 
>> error: invalid use of incomplete type 'X509_STORE_CTX' {aka 'struct 
>> x509_store_ctx_st'}
>>       store = ctx->ctx;
>> 
> 
> Use X509_STORE_CTX_get0_store() to get ctx->ctx. I can't find the field
> "ocsp_process_responder"
> 
> 
>                    ^~
>> 
>> error: invalid use of incomplete type 'X509_STORE_CTX' {aka 'struct 
>> x509_store_ctx_st'}
>>           ok = ctx->verify_cb(0, ctx);
> 
> X509_STORE_get_verify_cb()
> 
> 
>>                   ^~
>> Getting above error in the code, Please provide the document that which 
>> function i can use to resolve this errors.
>> 
>> Thanks,
>> Shiva kumar
>> 
>> Notice: This e-mail together with any attachments may contain 
>> information of Ribbon Communications Inc. and its Affiliates that is 
>> confidential and/or proprietary for the sole use of the intended 
>> recipient. Any review, disclosure, reliance or distribution by others or 
>> forwarding without express permission is strictly prohibited. If you are 
>> not the intended recipient, please notify the sender immediately and 
>> then delete all copies, including any attachments.
> 
> Notice: This e-mail together with any attachments may contain 
> information of Ribbon Communications Inc. and its Affiliates that is 
> confidential and/or proprietary for the sole use of the intended 
> recipient. Any review, disclosure, reliance or distribution by others or 
> forwarding without express permission is strictly prohibited. If you are 
> not the intended recipient, please notify the sender immediately and 
> then delete all copies, including any attachments.


More information about the openssl-users mailing list