X509_STORE lookup question
chris.bare at gmail.com
Wed Aug 2 13:50:41 UTC 2023
I've created an X509_STORE and set my own lookup methods:
lm = X509_LOOKUP_meth_new ("Load certs from database");
X509_LOOKUP_meth_set_ctrl (lm, dir_ctrl);
X509_LOOKUP_meth_set_get_by_subject (lm, get_cert_by_subject);
X509_LOOKUP_meth_set_get_by_issuer_serial (lm, get_by_issuer_serial);
X509_LOOKUP_meth_set_get_by_fingerprint (lm, get_by_fingerprint);
X509_LOOKUP_meth_set_get_by_alias (lm, get_by_alias);
store = X509_STORE_new();
This works, but it only ever calls get_cert_by_subject. I've run into cases
where certificates have duplicate CommonNames, so it would be better to use
one of the other lookups.
Is there a flag I need to set in the store, or some configuration I need to
do somewhere else in OpenSSL to make it use a different lookup method?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the openssl-users