Duplicating const X509_NAME

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Duplicating const X509_NAME

Sascha Steinbiss
Hi all,

I was wondering how to properly make a clone of a const X509_NAME in
OpenSSL 1.1?

In particular, I am obtaining a const X509_NAME* via OCSP_resp_get0_id()
and would like to pass it to X509_find_by_subject() which takes a
X509_NAME* (non-const). I looked into using X509_NAME_dup() to obtain a
local copy -- which looked like the obvious approach -- but that also
only takes a non-const parameter.

Any ideas? With

Thanks and kind regards
Sascha
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Duplicating const X509_NAME

Benjamin Kaduk
On 11/07/2016 05:42 AM, Sascha Steinbiss wrote:
Hi all,

I was wondering how to properly make a clone of a const X509_NAME in
OpenSSL 1.1?

In particular, I am obtaining a const X509_NAME* via OCSP_resp_get0_id()
and would like to pass it to X509_find_by_subject() which takes a
X509_NAME* (non-const). I looked into using X509_NAME_dup() to obtain a
local copy -- which looked like the obvious approach -- but that also
only takes a non-const parameter.

Any ideas? With


Hmm, seems like there may be a need for get1-style accessors, then.  Supposedly missing accessors will get backported from master to the 1.1 branch (though making it in time for 1.1.0c later this week could be tough).  It might be worth filing a pull request with such things.

-Ben

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Fwd: Re: Duplicating const X509_NAME

Sascha Steinbiss
Dear OpenSSL developer team,

following up on the discussion quoted below on the openssl-users ML I
would like to ask your opinions on adding a OCSP_resp_get1_id() function:

int OCSP_resp_get1_id(const OCSP_BASICRESP *bs,
                      ASN1_OCTET_STRING **pid,
                      X509_NAME **pname);

to allow API users to obtain non-const values from responses to pass on
to downstream functions. Please also see my commit
https://github.com/satta/openssl/commit/4392b12a0caa8f8e7df0bb6e1c94de7f744407ba
implementing this. Looking forward to some comments -- if you are OK
with it I would be happy to file a pull request. My CLA has been signed
and emailed to OpenSSL Foundation's legal team.

Unfortunately I could not find any existing tests for the get0
counterpart in the OpenSSL source. Did I miss something? That's the
reason why I haven't included tests yet, having read the contributor's
guide.

Thanks and kind regards
Sascha


-------- Forwarded Message --------
Subject: Re: [openssl-users] Duplicating const X509_NAME
Date: Mon, 7 Nov 2016 12:54:03 -0600
From: Benjamin Kaduk <[hidden email]>
Reply-To: [hidden email]
To: [hidden email]



On 11/07/2016 05:42 AM, Sascha Steinbiss wrote:

> Hi all,
>
> I was wondering how to properly make a clone of a const X509_NAME in
> OpenSSL 1.1?
>
> In particular, I am obtaining a const X509_NAME* via OCSP_resp_get0_id()
> and would like to pass it to X509_find_by_subject() which takes a
> X509_NAME* (non-const). I looked into using X509_NAME_dup() to obtain a
> local copy -- which looked like the obvious approach -- but that also
> only takes a non-const parameter.
>
> Any ideas? With
>
Hmm, seems like there may be a need for get1-style accessors, then.
Supposedly missing accessors will get backported from master to the 1.1
branch (though making it in time for 1.1.0c later this week could be
tough).  It might be worth filing a pull request with such things.

-Ben

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Attached Message Part (107 bytes) Download Attachment