X509_STORE lookup question

Chris Bare chris.bare at gmail.com
Wed Aug 2 13:50:41 UTC 2023

I've created an X509_STORE and set my own lookup methods:
lm = X509_LOOKUP_meth_new ("Load certs from database");
if (lm)
X509_LOOKUP_meth_set_ctrl (lm, dir_ctrl);
X509_LOOKUP_meth_set_get_by_subject (lm, get_cert_by_subject);
X509_LOOKUP_meth_set_get_by_issuer_serial (lm, get_by_issuer_serial);
X509_LOOKUP_meth_set_get_by_fingerprint (lm, get_by_fingerprint);
X509_LOOKUP_meth_set_get_by_alias (lm, get_by_alias);
store = X509_STORE_new();
X509_STORE_add_lookup(store, lm);

This works, but it only ever calls get_cert_by_subject. I've run into cases
where certificates have duplicate CommonNames, so it would be better to use
one of the other lookups.
Is there a flag I need to set in the store, or some configuration I need to
do somewhere else in OpenSSL to make it use a different lookup method?
Chris Bare
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20230802/ae3aeaac/attachment.htm>

More information about the openssl-users mailing list