[EXTERNAL] Re: Alternative for structure opaque X509 & X509_STORE_CTX
Matt Caswell
matt at openssl.org
Fri Oct 8 15:11:35 UTC 2021
On 08/10/2021 11:07, Shivakumar Poojari wrote:
> HI Matt,
>
> For below error i tried your suggestion but return type are different,
> so facing issue in replacing, remaining suggestion are worked absolutely
> fine
>>
>> error: invalid use of incomplete type 'X509_STORE_CTX' {aka 'struct
>> x509_store_ctx_st'}
>> ok = ctx->verify_cb(0, ctx);
>
> X509_STORE_get_verify_cb()
>
I'm not sure what you mean by the return types are different
X509_STORE_get_verify_cb, is declared as follows:
X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE
*ctx);
Where X509_STORE_CTX_verify_cb is declared as:
typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *);
So, this code is equivalent to your original code above:
X509_STORE_CTX_verify_cb verify_cb;
verify_cb = X509_STORE_get_verify_cb(ctx);
ok = verify_cb(0, ctx);
Matt
> please suggest.
>
> Thanks,
> shivakumar
> ------------------------------------------------------------------------
> *From:* Matt Caswell <matt at openssl.org>
> *Sent:* Tuesday, October 5, 2021 1:20 PM
> *To:* Shivakumar Poojari <Shivakumar.Poojari at rbbn.com>;
> openssl-users at openssl.org <openssl-users at openssl.org>
> *Cc:* Paramashivaiah, Sunil <Sunil.Paramashivaiah at rbbn.com>; Kumar
> Mishra, Sanjeev <Sanjeev.Kumar-Mishra at rbbn.com>; Bhattacharjee,
> Debapriyo (c) <dbhattacharjee at rbbn.com>
> *Subject:* [EXTERNAL] Re: Alternative for structure opaque X509 &
> X509_STORE_CTX
>
>
> On 05/10/2021 05:24, Shivakumar Poojari wrote:
>> :error: invalid use of incomplete type 'X509' {aka 'struct x509_st'}
>> if (x->ocsp && x->ocsp->ocsp_url)
>
> Strangely there is no ocsp field in an x509_st even in 1.0.2 that I can see.
>
>
>>
>> :error: invalid use of incomplete type 'X509' {aka 'struct x509_st'}
>> if(cert->sig_alg)
>>
>> :types.h:157:16: note: forward declaration of 'X509' {aka 'struct x509_st'}
>> typedef struct x509_st X509;
>>
>> error: invalid use of incomplete type 'X509' {aka 'struct x509_st'}
>> sigAlg = OBJ_obj2nid((cert)->sig_alg->algorithm);
>
>
> sig_alg is an X509_ALGOR structure which you get can using
> X509_get0_signature().
>
>>
>> error: invalid use of incomplete type 'X509_STORE_CTX' {aka 'struct
>> x509_store_ctx_st'}
>> x = ctx->cert;
>
> X509_STORE_CTX_get_current_cert()
>
>> ^~
>> types.h:165:16: note: forward declaration of 'X509_STORE_CTX' {aka
>> 'struct x509_store_ctx_st'}
>> typedef struct x509_store_ctx_st X509_STORE_CTX;
>> ^~~~~~~~~~~~~~~~~
>>
>> error: invalid use of incomplete type 'X509_STORE_CTX' {aka 'struct
>> x509_store_ctx_st'}
>> ctx->current_cert = x;
>
> X509_STORE_CTX_set_current_cert()
>
>> ^~
>>
>> error: invalid use of incomplete type 'X509_STORE_CTX' {aka 'struct
>> x509_store_ctx_st'}
>> ctx->current_issuer = NULL;
>> ^~
>>
>> error: invalid use of incomplete type 'X509_STORE_CTX' {aka 'struct
>> x509_store_ctx_st'}
>> ctx->current_crl_score = 0;
>> ^~
>>
>> types.h:165:16: note: forward declaration of 'X509_STORE_CTX' {aka
>> 'struct x509_store_ctx_st'}
>> typedef struct x509_store_ctx_st X509_STORE_CTX;
>> ^~~~~~~~~~~~~~~~~
>>
>> types.h:165:16: note: forward declaration of 'X509_STORE_CTX' {aka
>> 'struct x509_store_ctx_st'}
>> typedef struct x509_store_ctx_st X509_STORE_CTX;
>> ^~~~~~~~~~~~~~~~~
>> /sonus/p4/ws/spoojari/openssl3/marlin/SIPCM/sipCmOpenSSL.c:3268:8:
>> error: invalid use of incomplete type 'X509_STORE_CTX' {aka 'struct
>> x509_store_ctx_st'}
>> ctx->current_reasons = 0;
>
>
>
> These fields can't be set individually. You have to reset the whole
> X509_STORE_CTX, e.g. via X509_STORE_CTX_init.
>
>
>> ^~
>>
>> error: invalid use of incomplete type 'X509_STORE_CTX' {aka 'struct
>> x509_store_ctx_st'}
>> ctx->error = 0;
>
>
> X509_STORE_CTX_set_error()
>
>> ^~
>> error: invalid use of incomplete type 'X509' {aka 'struct x509_st'}
>> if (px->ocsp && (px->ocsp->ocsp_validate ==
>> X509_OCSP_VALIDATE_DISABLED))
>> ^~
>>
>> error: invalid use of incomplete type 'X509_STORE_CTX' {aka 'struct
>> x509_store_ctx_st'}
>> if (!ctx->ctx->ocsp_process_responder)
>> ^~
>>
>> error: invalid use of incomplete type 'X509_STORE_CTX' {aka 'struct
>> x509_store_ctx_st'}
>> store = ctx->ctx;
>>
>
> Use X509_STORE_CTX_get0_store() to get ctx->ctx. I can't find the field
> "ocsp_process_responder"
>
>
> ^~
>>
>> error: invalid use of incomplete type 'X509_STORE_CTX' {aka 'struct
>> x509_store_ctx_st'}
>> ok = ctx->verify_cb(0, ctx);
>
> X509_STORE_get_verify_cb()
>
>
>> ^~
>> Getting above error in the code, Please provide the document that which
>> function i can use to resolve this errors.
>>
>> Thanks,
>> Shiva kumar
>>
>> Notice: This e-mail together with any attachments may contain
>> information of Ribbon Communications Inc. and its Affiliates that is
>> confidential and/or proprietary for the sole use of the intended
>> recipient. Any review, disclosure, reliance or distribution by others or
>> forwarding without express permission is strictly prohibited. If you are
>> not the intended recipient, please notify the sender immediately and
>> then delete all copies, including any attachments.
>
> Notice: This e-mail together with any attachments may contain
> information of Ribbon Communications Inc. and its Affiliates that is
> confidential and/or proprietary for the sole use of the intended
> recipient. Any review, disclosure, reliance or distribution by others or
> forwarding without express permission is strictly prohibited. If you are
> not the intended recipient, please notify the sender immediately and
> then delete all copies, including any attachments.
More information about the openssl-users
mailing list