On 27/08/2019 17:24, weber@xxxxxxxxxxx wrote:
> Dear users,
>
> during migration from version 1.0.2s to 1.1.1c we are missing the makro
> ASN1_EX_COMBINE.
>
> It was used to embed a choice in a sequence as follows:
>> ASN1_CHOICE(X509AT_ATTRIBUTE_SET) = {
>> ASN1_SET_OF(X509AT_ATTRIBUTE, value.set, ASN1_ANY),
>> ASN1_SIMPLE(X509AT_ATTRIBUTE, value.single, ASN1_ANY)
>> } ASN1_CHOICE_END_selector(X509AT_ATTRIBUTE, X509AT_ATTRIBUTE_SET, single)
>>
>> ASN1_SEQUENCE(X509AT_ATTRIBUTE) = {
>> ASN1_SIMPLE(X509AT_ATTRIBUTE, object, ASN1_OBJECT),
>> /* CHOICE type merged with parent */
>> ASN1_EX_COMBINE(0, 0, X509AT_ATTRIBUTE_SET)
>> } ASN1_SEQUENCE_END(X509AT_ATTRIBUTE)
>
> What's the proper substitute in 1.1.1c?
Support for ASN1_EX_COMBINE was removed by commit ee9d76371ae which had this
description:
Remove combine option from ASN.1 code.
Remove the combine option. This was used for compatibility with some
non standard behaviour in ancient versions of OpenSSL: specifically
the X509_ATTRIBUTE and DSAPublicKey handling. Since these have now
been revised it is no longer needed.
For your application you might draw some inspiration from commit e20b57270d
which removed the use of this from X509_ATTRIBUTE internally in OpenSSL:
commit e20b57270dece66ce2c68aeb5d14dd6d9f3c5d68
Author: Dr. Stephen Henson <steve@xxxxxxxxxxx>
AuthorDate: Wed Mar 25 15:08:55 2015 +0000
Commit: Dr. Stephen Henson <steve@xxxxxxxxxxx>
CommitDate: Wed Mar 25 15:46:54 2015 +0000
Remove X509_ATTRIBUTE hack.
The X509_ATTRIBUTE structure includes a hack to tolerate malformed
attributes that encode as the type instead of SET OF type. This form
is never created by OpenSSL and shouldn't be needed any more.
Reviewed-by: Rich Salz <rsalz@xxxxxxxxxxx>
Reviewed-by: Richard Levitte <levitte@xxxxxxxxxxx>
You might also look at commit ea6b07b54 which removed it for the DSAPublicKey
handling.
Regards
Matt
