Re: how to set flags in X509_NAME_ENTRY in OpenSSL 1.1.1

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



    > > For now the ASN.1 string is not an opaque structure.
    > 
    > Considering how OpenSSL design evolved, I suspect that the time may come
    > when this string would become opaque. Therefore, I suggest that
    > getter/setter functions should be added.
    
    Any thoughts about the interface?

Alas, since I don't have any experience actually using these flags, I don't consider myself competent suggesting the API here.

    Some flag bits look internal, and not necessarily ideal for applications to modify directly, so
    while these might do:
    
        long ASN1_STRING_get_flags(ASN1_STRING *);
        void ASN1_STRING_set_flags(ASN1_STRING *, long);
    
This makes sense. Also, if there are flags that users are likely to need - perhaps explicit getter/setter calls for those individual flags? This would lower the likelihood of erroneously affecting unintended flags by a "ricochet"...

    Perhaps all that's needed is:
    
        int ASN1_BIT_STRING_set_unused(ASN1_STRING *, int);
    
    which sets the unused bit count, checking that the ASN1_STRING type
    is V_ASN1_BIT_STRING and the count is in the range [0,7].
    
That I don't know. I can't figure how or why I would use ..._set_unused()... But as I said, my competence in this particular thing is low.

Attachment: smime.p7s
Description: S/MIME cryptographic signature


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux