OpenSSL 1.1 made the X509_LOOKUP_METHOD structure opaque.
I am currently working on migrating an application to use OpenSSL 1.1 APIs, but the application implements a custom get_by_subject method, which I cannot implement in 1.1.0 because there is no mechanism for creating custom X509_LOOKUP_METHODs.
Yes, if there’s something that was made impossible to do because of things being made opaque, adding the missing API’s would be a bugfix and go into 1.1.0 and beyond. It woud be great if you could create a PR.
I would definitely need something like this. I have some library
code that uses OpenSSL 1.0.2 (can't upgrade to 1.1.x yet because
of all the interface changes), and it currently has to use a
custom X509_LOOKUP_METHOD to handle Unicode filenames on Windows
(in fact, this library had to completely replace several OpenSSL
functions in order to work with Unicode filenames for things like
certificate files, key files, etc).
It would be REALLY REALLY nice if OpenSSL worked with Unicode
filenames/paths consistently on Windows! BIO functions like
BIO_new_file(), BIO_read_filename(), etc do support UTF-8 encoded
filenames on Windows, but not all SSL functions use BIOs to access
files/directories, so UTF-8 filenames/paths are only supported
consistently on POSIX platforms whose file/directory APIs accept
UTF-8 encoded strings. Windows does not support that,
filenames/paths must be encoded in ANSI or UTF-16 only.
What is OpenSSL's current status regarding this?
On 2/7/2018 3:59 PM, Salz, Rich via
Yes, if there’s something that was made
impossible to do because of things being made opaque, adding
the missing API’s would be a bugfix and go into 1.1.0 and
beyond. It woud be great if you could create a PR.