[EXTERNAL] Re: Alternative for structure opaque X509 & X509_STORE_CTX

Shivakumar Poojari Shivakumar.Poojari at rbbn.com
Mon Oct 11 05:41:03 UTC 2021 

Hi Matt

   The return type of ctx->verify_cb(0,  ctx) is int and the return type of  X509_STORE_get_verify_cb()       is X509_STORE_CTX_verify_cb in this case how do i match/replace
    int ok=1;
    ok = ctx->verify_cb(0,  ctx);

    X509_STORE_CTX_verify_cb verify_cb;
    verify_cb = X509_STORE_get_verify_cb(ctx);

Thanks
Shiva kumar

________________________________
From: Matt Caswell <matt at openssl.org>
Sent: Friday, October 8, 2021 8:41 PM
To: Shivakumar Poojari <Shivakumar.Poojari at rbbn.com>; openssl-users at openssl.org <openssl-users at openssl.org>
Cc: Paramashivaiah, Sunil <Sunil.Paramashivaiah at rbbn.com>; Kumar Mishra, Sanjeev <Sanjeev.Kumar-Mishra at rbbn.com>; Bhattacharjee, Debapriyo (c) <dbhattacharjee at rbbn.com>
Subject: Re: [EXTERNAL] Re: Alternative for structure opaque X509 & X509_STORE_CTX



On 08/10/2021 11:07, Shivakumar Poojari wrote:
> HI Matt,
>
> For below error i tried your suggestion but return type are different,
> so facing issue in replacing, remaining suggestion are worked absolutely
> fine
>>
>> error: invalid use  of incomplete type 'X509_STORE_CTX' {aka 'struct
>> x509_store_ctx_st'}
>>           ok = ctx->verify_cb(0,  ctx);
>
> X509_STORE_get_verify_cb()
>

I'm not sure what you mean by the return types are different
X509_STORE_get_verify_cb, is declared as follows:

     X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE
*ctx);

Where X509_STORE_CTX_verify_cb is declared as:

     typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *);

So, this code is equivalent to your original code above:

     X509_STORE_CTX_verify_cb verify_cb;

     verify_cb = X509_STORE_get_verify_cb(ctx);
     ok = verify_cb(0, ctx);

Matt


> please suggest.
>
> Thanks,
> shivakumar
> ------------------------------------------------------------------------
> *From:* Matt Caswell <matt at openssl.org>
> *Sent:* Tuesday, October 5, 2021 1:20 PM
> *To:* Shivakumar Poojari <Shivakumar.Poojari at rbbn.com>;
> openssl-users at openssl.org <openssl-users at openssl.org>
> *Cc:* Paramashivaiah, Sunil <Sunil.Paramashivaiah at rbbn.com>; Kumar
> Mishra, Sanjeev <Sanjeev.Kumar-Mishra at rbbn.com>; Bhattacharjee,
> Debapriyo (c) <dbhattacharjee at rbbn.com>
> *Subject:* [EXTERNAL] Re: Alternative for structure opaque X509 &
> X509_STORE_CTX
>
>
> On 05/10/2021 05:24, Shivakumar Poojari wrote:
>> :error: invalid use of incomplete type 'X509' {aka 'struct x509_st'}
>>       if (x->ocsp && x->ocsp->ocsp_url)
>
> Strangely there is no ocsp field in an x509_st even in 1.0.2 that I can see.
>
>
>>
>> :error: invalid use of incomplete type 'X509' {aka 'struct x509_st'}
>>           if(cert->sig_alg)
>>
>> :types.h:157:16: note: forward declaration of 'X509' {aka 'struct x509_st'}
>>   typedef struct x509_st X509;
>>
>> error: invalid use of incomplete type 'X509' {aka 'struct x509_st'}
>>               sigAlg = OBJ_obj2nid((cert)->sig_alg->algorithm);
>
>
> sig_alg is an X509_ALGOR structure which you get can using
> X509_get0_signature().
>
>>
>>   error: invalid use of incomplete type 'X509_STORE_CTX' {aka 'struct
>> x509_store_ctx_st'}
>>       x = ctx->cert;
>
> X509_STORE_CTX_get_current_cert()
>
>>              ^~
>> types.h:165:16: note: forward declaration of 'X509_STORE_CTX' {aka
>> 'struct x509_store_ctx_st'}
>>   typedef struct x509_store_ctx_st X509_STORE_CTX;
>>                  ^~~~~~~~~~~~~~~~~
>>
>> error: invalid use of incomplete type 'X509_STORE_CTX' {aka 'struct
>> x509_store_ctx_st'}
>>       ctx->current_cert = x;
>
> X509_STORE_CTX_set_current_cert()
>
>>          ^~
>>
>> error: invalid use of incomplete type 'X509_STORE_CTX' {aka 'struct
>> x509_store_ctx_st'}
>>       ctx->current_issuer = NULL;
>>          ^~
>>
>> error: invalid use of incomplete type 'X509_STORE_CTX' {aka 'struct
>> x509_store_ctx_st'}
>>       ctx->current_crl_score = 0;
>>          ^~
>>
>> types.h:165:16: note: forward declaration of 'X509_STORE_CTX' {aka
>> 'struct x509_store_ctx_st'}
>>   typedef struct x509_store_ctx_st X509_STORE_CTX;
>>                  ^~~~~~~~~~~~~~~~~
>>
>> types.h:165:16: note: forward declaration of 'X509_STORE_CTX' {aka
>> 'struct x509_store_ctx_st'}
>>   typedef struct x509_store_ctx_st X509_STORE_CTX;
>>                  ^~~~~~~~~~~~~~~~~
>> /sonus/p4/ws/spoojari/openssl3/marlin/SIPCM/sipCmOpenSSL.c:3268:8:
>> error: invalid use of incomplete type 'X509_STORE_CTX' {aka 'struct
>> x509_store_ctx_st'}
>>       ctx->current_reasons = 0;
>
>
>
> These fields can't be set individually. You have to reset the whole
> X509_STORE_CTX, e.g. via X509_STORE_CTX_init.
>
>
>>          ^~
>>
>> error: invalid use of incomplete type 'X509_STORE_CTX' {aka 'struct
>> x509_store_ctx_st'}
>>       ctx->error = 0;
>
>
> X509_STORE_CTX_set_error()
>
>>          ^~
>> error: invalid use of incomplete type 'X509' {aka 'struct x509_st'}
>>               if (px->ocsp && (px->ocsp->ocsp_validate ==
>> X509_OCSP_VALIDATE_DISABLED))
>>                     ^~
>>
>> error: invalid use of incomplete type 'X509_STORE_CTX' {aka 'struct
>> x509_store_ctx_st'}
>>           if (!ctx->ctx->ocsp_process_responder)
>>                   ^~
>>
>> error: invalid use of incomplete type 'X509_STORE_CTX' {aka 'struct
>> x509_store_ctx_st'}
>>       store = ctx->ctx;
>>
>
> Use X509_STORE_CTX_get0_store() to get ctx->ctx. I can't find the field
> "ocsp_process_responder"
>
>
>                    ^~
>>
>> error: invalid use of incomplete type 'X509_STORE_CTX' {aka 'struct
>> x509_store_ctx_st'}
>>           ok = ctx->verify_cb(0, ctx);
>
> X509_STORE_get_verify_cb()
>
>
>>                   ^~
>> Getting above error in the code, Please provide the document that which
>> function i can use to resolve this errors.
>>
>> Thanks,
>> Shiva kumar
>>
>> Notice: This e-mail together with any attachments may contain
>> information of Ribbon Communications Inc. and its Affiliates that is
>> confidential and/or proprietary for the sole use of the intended
>> recipient. Any review, disclosure, reliance or distribution by others or
>> forwarding without express permission is strictly prohibited. If you are
>> not the intended recipient, please notify the sender immediately and
>> then delete all copies, including any attachments.
>
> Notice: This e-mail together with any attachments may contain
> information of Ribbon Communications Inc. and its Affiliates that is
> confidential and/or proprietary for the sole use of the intended
> recipient. Any review, disclosure, reliance or distribution by others or
> forwarding without express permission is strictly prohibited. If you are
> not the intended recipient, please notify the sender immediately and
> then delete all copies, including any attachments.

Notice: This e-mail together with any attachments may contain information of Ribbon Communications Inc. and its Affiliates that is confidential and/or proprietary for the sole use of the intended recipient. Any review, disclosure, reliance or distribution by others or forwarding without express permission is strictly prohibited. If you are not the intended recipient, please notify the sender immediately and then delete all copies, including any attachments.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20211011/eb58fa83/attachment-0001.html>

More information about the openssl-users mailing list