Am 15.06.18 um 16:36 schrieb Salz, Rich via openssl-users:
It looks like in OpenSSL 1.1.0 I can no longer do that. There are only
functions available that return various function pointers from a
X509_STORE_CTX structure (like X509_STORE_CTX_get_cert_crl), but there
are no corresponding counterparts to set the function pointers.
This could be viewed as a bug; we had no idea people wanted to *set* various fields. WE consider missing accessors/setters in opaque datatypes a bug.
I found the following awkward workaround: I set up a temporary
X509_STORE_CTX object only for the purpose of getting the original
X509_STORE_CTX_cert_crl_fn function pointer that I save somewhere. Then
I call X509_STORE_set_cert_crl to assign my own cert_crl function, from
which later X509_STORE_CTXs created for the X509_STORE will inherit it.
This is the code (minus error checking):
X509_STORE *my_store = X509_STORE_new();
X509_STORE_CTX *ctx = X509_STORE_CTX_new();
X509_STORE_CTX_init(ctx, NULL, NULL, NULL);
X509_STORE_CTX_cert_crl_fn original_cert_crl =
X509_STORE_CTX_get_cert_crl(ctx);
X509_STORE_set_cert_crl(my_store, my_own_cert_crl);
X509_STORE_CTX_free(ctx);
Should I file an issue on GitHub about the missing setters?
Thanks
Stephan
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
