[Pkg-openssl-devel] Bug#829272: Missing accessors

Richard Levitte via RT rt at openssl.org
Fri Jul 8 06:08:21 UTC 2016


On Thu Jul 07 21:29:09 2016, levitte wrote:
> On Sat Jul 02 10:59:38 2016, kurt at roeckx.be wrote:
> > /* Add to include/openssl/x509_vfy.h : */
> >
> > typedef int (*X509_STORE_CTX_get_issuer)(X509 **issuer,
> >                                          X509_STORE_CTX *ctx, X509 *x);
> > typedef int (*X509_STORE_CTX_check_issued)(X509_STORE_CTX *ctx,
> >                                            X509 *x, X509 *issuer);
> >
> > void X509_STORE_CTX_set_get_issuer(X509_STORE_CTX *ctx,
> >                                    X509_STORE_CTX_get_issuer get_issuer);
> > X509_STORE_CTX_get_issuer X509_STORE_CTX_get_get_issuer(X509_STORE_CTX *ctx);
> > void X509_STORE_CTX_set_check_issued(X509_STORE_CTX *ctx,
> >                                      X509_STORE_CTX_check_issued check_issued);
> > X509_STORE_CTX_check_issued X509_STORE_CTX_get_check_issued(X509_STORE_CTX *ctx);
>
> For this part, https://github.com/openssl/openssl/pull/1294

So, looking at this again after some sleep, there's a part of this solution
that I'm unsure of, and it all comes back to X509_STORE_CTX_init(), where the
X509_STORE context gets initialised from the X509_STORE, including all the
function pointers. This has me wondering if the X509_STORE_CTX setters should
really be made available (perhaps with the exception of the verify and
verify_cb ones). Doesn't it make more sense to set those function pointers when
creating the X509_STORE itself? Why would those functions need to be changed in
the context?

Cheers,
Richard

--
Richard Levitte
levitte at openssl.org

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4602
Please log in as guest with password guest if prompted
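
The design question in the message above, as an added illustration that is not code from the thread or from OpenSSL: a simplified C model of a store whose function pointer is copied into each context at init, next to a per-context setter. Every type, function name and certificate id in it is hypothetical or constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model; every name is hypothetical, none of it is OpenSSL source. */
struct cert { int id; int issuer_id; };
typedef int (*check_issued_fn)(const struct cert *x, const struct cert *issuer);
struct store     { check_issued_fn check_issued; };  /* long-lived policy */
struct store_ctx { check_issued_fn check_issued; };  /* one verification */

static int default_check_issued(const struct cert *x, const struct cert *issuer)
{ return x->issuer_id == issuer->id; }

/* Application policy: issuer must also be the pinned CA (constructed id 7). */
static int pinned_check_issued(const struct cert *x, const struct cert *issuer)
{
    return issuer->id == 7 && default_check_issued(x, issuer);
}

/* Init copies the store's pointer, or a default when the store sets none. */
static void ctx_init(struct store_ctx *ctx, const struct store *s)
{
    ctx->check_issued = (s && s->check_issued) ? s->check_issued
                                               : default_check_issued;
}

/* Per-context setter: changes this context only, until its next init. */
static void ctx_set_check_issued(struct store_ctx *ctx, check_issued_fn fn)
{ ctx->check_issued = fn; }

/* Decisions for a leaf issued by unpinned CA 3, one bit per step. */
static unsigned run_scenario(void)
{
    const struct cert ca = { 3, 3 }, leaf = { 100, 3 };  /* constructed */
    struct store s = { pinned_check_issued };
    struct store_ctx a, b;
    unsigned r = 0;
    ctx_init(&a, &s);
    ctx_init(&b, &s);
    r |= (unsigned)a.check_issued(&leaf, &ca) << 0;  /* a, store policy: 0 */
    r |= (unsigned)b.check_issued(&leaf, &ca) << 1;  /* b, store policy: 0 */
    ctx_set_check_issued(&a, default_check_issued);
    r |= (unsigned)a.check_issued(&leaf, &ca) << 2;  /* a overridden: 1 */
    r |= (unsigned)b.check_issued(&leaf, &ca) << 3;  /* b unchanged: 0 */
    ctx_init(&a, &s);
    r |= (unsigned)a.check_issued(&leaf, &ca) << 4;  /* a re-init: 0 */
    return r;
}

int main(void) { printf("decisions: 0x%02x\n", run_scenario()); return 0; }
```

In this model a policy set on the store reaches every context, while a context-level override applies to a single verification and is lost at the next init.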


