Custom X509_LOOKUP_METHOD in OpenSSL 1.1

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Custom X509_LOOKUP_METHOD in OpenSSL 1.1

Mingtao Yang
OpenSSL 1.1 made the X509_LOOKUP_METHOD structure opaque. 

I am currently working on migrating an application to use OpenSSL 1.1 APIs, but the application implements a custom get_by_subject method, which I cannot implement in 1.1.0 because there is no mechanism for creating custom X509_LOOKUP_METHODs.

Would OpenSSL be opposed to having public APIs for setting these function pointers in X509_LOOKUP_METHOD? (Similar to how BIO methods have public setter APIs: https://www.openssl.org/docs/man1.1.0/crypto/BIO_meth_new.html)

Thanks!
-Ming


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Custom X509_LOOKUP_METHOD in OpenSSL 1.1

OpenSSL - User mailing list

Yes, if there’s something that was made impossible to do because of things being made opaque, adding the missing API’s would be a bugfix and go into 1.1.0 and beyond.  It woud be great if you could create a PR.

 

 


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Custom X509_LOOKUP_METHOD in OpenSSL 1.1

Remy Lebeau

I would definitely need something like this.  I have some library code that uses OpenSSL 1.0.2 (can't upgrade to 1.1.x yet because of all the interface changes), and it currently has to use a custom X509_LOOKUP_METHOD to handle Unicode filenames on Windows (in fact, this library had to completely replace several OpenSSL functions in order to work with Unicode filenames for things like certificate files, key files, etc).

It would be REALLY REALLY nice if OpenSSL worked with Unicode filenames/paths consistently on Windows!  BIO functions like BIO_new_file(), BIO_read_filename(), etc do support UTF-8 encoded filenames on Windows, but not all SSL functions use BIOs to access files/directories, so UTF-8 filenames/paths are only supported consistently on POSIX platforms whose file/directory APIs accept UTF-8 encoded strings.  Windows does not support that, filenames/paths must be encoded in ANSI or UTF-16 only.

What is OpenSSL's current status regarding this?


Remy Lebeau
Lebeau Software
On 2/7/2018 3:59 PM, Salz, Rich via openssl-users wrote:

Yes, if there’s something that was made impossible to do because of things being made opaque, adding the missing API’s would be a bugfix and go into 1.1.0 and beyond.  It woud be great if you could create a PR.

 



--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Custom X509_LOOKUP_METHOD in OpenSSL 1.1

OpenSSL - User mailing list
  • What is OpenSSL's current status regarding this?

I don’t recall it being raised before, and I don’t think anyone one the team has expressed interest in this.  It would probably have to start by someone contributing a pull request.


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users