I've created an X509_STORE and set my own lookup methods:
    #include <openssl/x509.h>
    #include <openssl/x509_vfy.h>

    X509_LOOKUP_METHOD *lm;
    X509_LOOKUP *lookup;
    X509_STORE *store;

    /* dir_ctrl, get_cert_by_subject, get_by_issuer_serial, get_by_fingerprint
     * and get_by_alias are my own callbacks, defined elsewhere */
    lm = X509_LOOKUP_meth_new("Load certs from database");
    if (lm)
    {
        X509_LOOKUP_meth_set_ctrl(lm, dir_ctrl);
        X509_LOOKUP_meth_set_get_by_subject(lm, get_cert_by_subject);
        X509_LOOKUP_meth_set_get_by_issuer_serial(lm, get_by_issuer_serial);
        X509_LOOKUP_meth_set_get_by_fingerprint(lm, get_by_fingerprint);
        X509_LOOKUP_meth_set_get_by_alias(lm, get_by_alias);
    }
    store = X509_STORE_new();
    /* X509_STORE_add_lookup returns the X509_LOOKUP it creates, or NULL on failure */
    lookup = X509_STORE_add_lookup(store, lm);
This works, but it only ever calls get_cert_by_subject. I've run into cases where certificates have duplicate CommonNames, so it would be better to use one of the other lookups.
Is there a flag I need to set in the store, or some configuration I need to do somewhere else in OpenSSL to make it use a different lookup method?
--
Chris Bare