Is OSSL_DECODER function set only for encoding/decoding keys?

Tomas Mraz tomas at
Thu Apr 20 08:18:15 UTC 2023


yes, although the API is generic and in future can support more object
types than EVP_PKEYs, currently the OSSL_DECODER functions are really
useful only for decoding EVP_PKEYs. The PEM_read_bio_X509 works fine
for X509 objects.

If you want something more generic then you can use the OSSL_STORE API.
See the load_key_certs_crls() function in apps/lib/apps.c for an
example on how to use it. This allows loading various object types with
single API and it also allows for loading object from different stores
provided by third party providers.

Tomas Mraz, OpenSSL

On Thu, 2023-04-20 at 03:31 +0000, Afshin Pir wrote:
> Hi,
> I wonder if OSSL_DECODER functions are only for encoding/decoding
> keys, or they have more general purpose.
> For example, I cannot find a function from this set to decode a pem
> encoded certificate to a X509 structure and it seems that I still
> need to use PEM_read_bio_X509 to do that.
> Any idea?
> Best Regards,
> Afshin
> This email is confidential and may contain information subject to
> legal privilege. If you are not the intended recipient please advise
> us of our error by return e-mail then delete this email and any
> attached files. You may not copy, disclose or use the contents in any
> way. The views expressed in this email may not be those of Gallagher
> Group Ltd or subsidiary companies thereof.

Tomáš Mráz, OpenSSL

More information about the openssl-users mailing list