On Thu, Jul 21, 2016, Jim Carroll wrote:

> Steve,
>
> I ran into problems with swig when I tried to deploy your suggestion. Your
> solution was slick pre-processor magic and I was having difficulty
> reversing the magic to troubleshoot swig (and I was a little shy about
> admitting I didn't understand your suggestion).
>

Well there are various things going on underneath which can be hard to
follow if you aren't used to them. Here's a bit more detail about what is
going on.

Initially we just include the necessary headers:

#include <openssl/x509.h>
#include <openssl/asn1t.h>

ASN.1 encode/decode routines generally use a structure name. We have
STACK_OF(X509) but no name for that so we can make one up which I call
SEQ_CERT:

typedef STACK_OF(X509) SEQ_CERT;

The next bit defines an ASN.1 module structure which says the SEQ_CERT is a
SEQUENCE OF X509:

ASN1_ITEM_TEMPLATE(SEQ_CERT) =
    ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, SeqCert, X509)
ASN1_ITEM_TEMPLATE_END(SEQ_CERT)

Here SEQ_CERT is the structure name which that macro defines as a SEQUENCE
OF X509. The "SeqCert" is just a string that is used as a name in the
definition: it can be anything.

Now that's all very well but it doesn't actually define any functions. The
bit that does that is this:

IMPLEMENT_ASN1_FUNCTIONS(SEQ_CERT)

This implements four functions but we're only interested in the encode and
decode ones which look like this:

int i2d_SEQ_CERT(SEQ_CERT *a, unsigned char **pp);
SEQ_CERT *d2i_SEQ_CERT(SEQ_CERT **a, const unsigned char **pp, long length);

These behave like regular ASN.1 functions: you pass in SEQ_CERT, which is
STACK_OF(X509), to i2d_SEQ_CERT and it encodes the result as a SEQUENCE OF
X509, which is the same format as the original. Similarly you can decode
using d2i_SEQ_CERT() and get back a STACK_OF(X509).

If you have this in a separate module you can declare the new functions
(e.g. in a header file) with:

DECLARE_ASN1_FUNCTIONS(SEQ_CERT)

Hope that helps. If you have any further problems let me know.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
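
The encoding that i2d_SEQ_CERT() writes and d2i_SEQ_CERT() reads is an outer DER SEQUENCE wrapping one SEQUENCE per certificate. The following is an added example, not part of the original message and not OpenSSL code: a stand-alone framing check for such a blob, where the names der_header and seq_cert_count are hypothetical and the sample bytes are constructed placeholders rather than real certificates.

```c
#include <stddef.h>
#include <stdio.h>

/* Read one DER header at buf[*pos]: store tag and content length, advance
 * *pos to the first content byte, return 0. Returns -1 on truncation,
 * indefinite or non-minimal lengths, or content running past the buffer. */
static int der_header(const unsigned char *buf, size_t len, size_t *pos,
                      unsigned char *tag, size_t *clen)
{
    size_t p = *pos, n = 0;
    if (p > len || len - p < 2) return -1;
    *tag = buf[p++];
    unsigned char b = buf[p++];
    if (b < 0x80) {
        n = b;                                  /* short form */
    } else {
        unsigned nb = b & 0x7f;                 /* number of length octets */
        if (nb == 0 || nb > sizeof(size_t) || len - p < nb) return -1;
        if (buf[p] == 0) return -1;             /* leading zero: not minimal */
        for (unsigned i = 0; i < nb; i++) n = (n << 8) | buf[p++];
        if (n < 0x80) return -1;                /* short form was required */
    }
    if (n > len - p) return -1;                 /* content overruns buffer */
    *pos = p; *clen = n;
    return 0;
}

/* Count the elements of a DER "SEQUENCE OF Certificate" blob, or return -1
 * if the framing is malformed. Only tags and lengths are checked. */
int seq_cert_count(const unsigned char *buf, size_t len)
{
    size_t pos = 0, clen;
    unsigned char tag;
    int count = 0;
    if (der_header(buf, len, &pos, &tag, &clen) != 0 || tag != 0x30) return -1;
    if (pos + clen != len) return -1;           /* trailing bytes not allowed */
    while (pos < len) {
        if (der_header(buf, len, &pos, &tag, &clen) != 0 || tag != 0x30) return -1;
        pos += clen;                            /* skip this element's body */
        count++;
    }
    return count;
}

/* Constructed sample: outer SEQUENCE holding two placeholder SEQUENCEs. */
static const unsigned char sample[] = { 0x30, 0x09,
    0x30, 0x03, 0x02, 0x01, 0x01,  0x30, 0x02, 0x05, 0x00 };

int main(void) { printf("%d\n", seq_cert_count(sample, sizeof sample)); return 0; }
```

This check validates framing only; the certificates themselves are still parsed and verified by the decoder afterwards.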