SSL_dane_tlsa_add function signature

SSL_dane_tlsa_add function signature

Patrick Schlangen
Hi,

please forgive me if this question has been asked before.

>  int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector,
>                       uint8_t mtype, unsigned char *data, size_t dlen);

Reading the docs, my impression is that SSL_dane_tlsa_add adds a TLSA record
to the SSL object for later use during verification.
What puzzles me is that the data argument of type unsigned char is not
const. Will the function modify the data buffer in any way?
Also, is it safe to free the data after calling SSL_dane_tlsa_add, or
phrased differently: Will SSL_dane_tlsa_add create a copy of the data?

Thanks a lot in advance,

Patrick



--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: SSL_dane_tlsa_add function signature

Viktor Dukhovni


> On Jan 9, 2018, at 12:56 PM, Patrick Schlangen <[hidden email]> wrote:
>
> Reading the docs, my impression is that SSL_dane_tlsa_add adds a TLSA record
> to the SSL object for later use during verification.
> What puzzles me is that the data argument of type unsigned char is not
> const.

It should have been "const".  Sorry about that.  If you're enthusiastic to
contribute, please feel free to file a GitHub pull-request against
ssl/ssl_lib.c and include/openssl/ssl.h (which for a first pull-request
will also require you to file contributor license agreement).  If that's
all too much work, I can fix the issue on your behalf.

> Will the function modify the data buffer in any way?

No.

> Also, is it safe to free the data after calling SSL_dane_tlsa_add

Yes.

> or phrased differently: Will SSL_dane_tlsa_add create a copy of the data?

Yes.

--
        Viktor.

Re: SSL_dane_tlsa_add function signature

Patrick Schlangen
> On Jan 9, 2018, at 19:25 PM, Viktor Dukhovni wrote:
> If you're enthusiastic to contribute, please feel free to file a GitHub
> pull-request

Thanks a lot for the fast reply. I've submitted a pull request at
https://github.com/openssl/openssl/pull/5046 and will mail the CLA ASAP.

Best Regards,

Patrick




Re: SSL_dane_tlsa_add function signature

Viktor Dukhovni


> On Jan 9, 2018, at 1:56 PM, Patrick Schlangen <[hidden email]> wrote:
>
> Thanks a lot for the fast reply. I've submitted a pull request at
> https://github.com/openssl/openssl/pull/5046 and will mail the CLA ASAP.

Great!  Appreciated.  Are you at all at liberty to say how (really to what
end) you plan to use the DANE support in OpenSSL?  Feel free to reply off-list
if that makes a difference.

--
        Viktor.
