Re: [openssl-dev] use of X.509 lookup methods, X509_OBJECT internal or opaque?

2016-04-23 Thread Salz, Rich


> I'm concerned that, according to the plan, the next release is the final one.

Thank you for the feedback!

We know that various accessors still need to be provided, and things like what 
you pointed out are bugs to be fixed.

If there are other things you find missing, please let us know.
-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev


Re: [openssl-dev] use of X.509 lookup methods, X509_OBJECT internal or opaque?

2016-05-06 Thread Salz, Rich
So let me try to summarize.

You need
X509 *X509_STORE_get_X509_by_subject(X509_STORE_CTX *vs, X509_NAME *name)
X509_CRL *X509_STORE_get_X509_CRL_by_subject(X509_STORE_CTX *vs, X509_NAME *name)
and replace the existing "X509_STORE_get_X509_by_subject".

We also need X509_OBJECT_new() and X509_OBJECT_free() and X509_CRL *X509_OBJECT_get0_X509_CRL(X509_OBJECT *a).

Make sure the memory issues are addressed and avoid double-free. 

Right?



Re: [openssl-dev] use of X.509 lookup methods, X509_OBJECT internal or opaque?

2016-05-06 Thread Salz, Rich
> You need
> X509 *X509_STORE_get_X509_by_subject(X509_STORE_CTX *vs, X509_NAME *name)
> X509_CRL *X509_STORE_get_X509_CRL_by_subject(X509_STORE_CTX *vs, X509_NAME *name)
> and replace the existing "X509_STORE_get_X509_by_subject".
> 
> We also need X509_OBJECT_new() and X509_OBJECT_free() and X509_CRL *X509_OBJECT_get0_X509_CRL(X509_OBJECT *a).
> 
> Make sure the memory issues are addressed and avoid double-free.
> 
> Right?

"You need" is misleading.  These are new accessors needed because the 
X509_OBJECT was made opaque.  In other words we did it :)


Re: [openssl-dev] use of X.509 lookup methods, X509_OBJECT internal or opaque?

2016-05-07 Thread Roumen Petrov

Hi Rich,

The scope of my request is "use of a lookup method".

Salz, Rich wrote:

> You need

(1)
I tested a port to the current OpenSSL code with the following definitions of 
X509_OBJECT_new() and X509_OBJECT_get0_X509_CRL():


diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
index ff64821..8547b0d 100644
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@@ -450,6 +450,12 @@ int X509_OBJECT_get_type(X509_OBJECT *a)
 return a->type;
 }

+X509_OBJECT *X509_OBJECT_new()
+{
+X509_OBJECT *ret;
+return OPENSSL_malloc(sizeof (*ret));
+}
+
 void X509_OBJECT_free(X509_OBJECT *a)
 {
 if (a == NULL)
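Review bot: X509_OBJECT_new() hands back the raw OPENSSL_malloc() result without initialising `type` or `data`, so X509_OBJECT_get_type() (visible in this hunk's context, it reads `a->type`) and any free routine that dispatches on the tag see an indeterminate value on a freshly created object; use `return OPENSSL_zalloc(sizeof(*ret));` so the object starts with a zero type and NULL payload pointer, and declare the prototype as `X509_OBJECT *X509_OBJECT_new(void)` rather than with empty parentheses. Also, this hunk (index ff64821..8547b0d) applies on top of the one that follows (c4ca619..ff64821), so the two patches are listed in reverse order.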

diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
index c4ca619..ff64821 100644
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@@ -433,9 +433,18 @@ void X509_OBJECT_up_ref_count(X509_OBJECT *a)

 X509 *X509_OBJECT_get0_X509(X509_OBJECT *a)
 {
+if (a == NULL) return NULL;
+if (a->type != X509_LU_X509) return NULL;
 return a->data.x509;
 }

+X509_CRL *X509_OBJECT_get0_X509_CRL(X509_OBJECT *a)
+{
+if (a == NULL) return NULL;
+if (a->type != X509_LU_CRL) return NULL;
+return a->data.crl;
+}
+
 int X509_OBJECT_get_type(X509_OBJECT *a)
 {
 return a->type;
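Review bot: the two getters now reject a NULL object and a mismatched type, but X509_OBJECT_get_type() at the end of the hunk still dereferences `a` unconditionally, so NULL-safety is inconsistent across the accessor set; either give it the same guard with a distinguished return value, or document that NULL is not accepted by any of them. Style: the single-line `if (a == NULL) return NULL;` form differs from the surrounding code, which puts the `return` on its own line after the `if`, and the two checks can be folded into one condition, e.g. `if (a == NULL || a->type != X509_LU_CRL)` / `return NULL;`.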


After the port I note that two new functions (see below) will simplify the code:

(2)

> X509 *X509_STORE_get_X509_by_subject(X509_STORE_CTX *vs, X509_NAME *name)
> X509_CRL *X509_STORE_get_X509_CRL_by_subject(X509_STORE_CTX *vs, X509_NAME *name)
> and replace the existing "X509_STORE_get_X509_by_subject".

This is my request - to define:
- X509 *X509_STORE_get_X509_by_subject(X509_STORE_CTX *vs, X509_NAME *name)
- X509_CRL *X509_STORE_get_X509_CRL_by_subject(X509_STORE_CTX *vs, X509_NAME *name)
(A side effect is that with the functions from (2), program code will avoid 
using the functions from (1).)




> We also need X509_OBJECT_new() and X509_OBJECT_free() and X509_CRL *X509_OBJECT_get0_X509_CRL(X509_OBJECT *a).

It is good to have:
- X509_OBJECT_new()
- X509_CRL *X509_OBJECT_get0_X509_CRL(X509_OBJECT *)
- int X509_OBJECT_set0_X509_CRL(X509_OBJECT *, X509_CRL *)
- int X509_OBJECT_set0_X509(X509_OBJECT *, X509 *)
but this is out of scope for now.

It is related to the API for X509_LOOKUP_METHOD. Let's discuss it separately 
when accessors for X509_LOOKUP_METHOD are defined.



> Make sure the memory issues are addressed and avoid double-free.
> 
> Right?
> 
> "You need" is misleading.  These are new accessors needed because the 
> X509_OBJECT was made opaque.  In other words we did it :)


Regards,
Roumen
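The accessor pattern this message is about (an opaque X509_OBJECT, get0 getters that return a borrowed pointer only when the type tag matches, the set0 setters proposed above, a zero-initialised constructor, and a free that releases the payload exactly once), as an added stand-alone C model. This is not OpenSSL's code: the CERT, CRL and OBJ types and the obj_* names are constructed stand-ins for X509, X509_CRL and X509_OBJECT.

```c
#include <stdlib.h>
/* Constructed stand-ins for OpenSSL's X509 and X509_CRL (not the real types). */
typedef struct { int serial; } CERT;
typedef struct { int number; } CRL;
/* Tags in the role of X509_LU_X509 / X509_LU_CRL; OBJ_NONE is the zero state. */
enum obj_type { OBJ_NONE = 0, OBJ_CERT = 1, OBJ_CRL = 2 };
/* Opaque object: only the accessors below touch its fields, as with X509_OBJECT. */
typedef struct obj_st {
    enum obj_type type;
    union { CERT *cert; CRL *crl; } data;
} OBJ;

/* Zero-initialised, so freeing or querying an empty object never reads a garbage tag. */
OBJ *obj_new(void) { return calloc(1, sizeof(OBJ)); }
int obj_get_type(const OBJ *a) { return a == NULL ? OBJ_NONE : (int)a->type; }
/* get0: borrowed pointer, the OBJ keeps ownership; NULL on NULL object or type mismatch. */
CERT *obj_get0_cert(const OBJ *a) { return (a && a->type == OBJ_CERT) ? a->data.cert : NULL; }
CRL *obj_get0_crl(const OBJ *a) { return (a && a->type == OBJ_CRL) ? a->data.crl : NULL; }

/* set0: the OBJ takes ownership of the payload; refuses to overwrite one already set. */
int obj_set0_cert(OBJ *a, CERT *c) {
    if (a == NULL || c == NULL || a->type != OBJ_NONE) return 0;
    a->type = OBJ_CERT; a->data.cert = c; return 1;
}
int obj_set0_crl(OBJ *a, CRL *c) {
    if (a == NULL || c == NULL || a->type != OBJ_NONE) return 0;
    a->type = OBJ_CRL; a->data.crl = c; return 1;
}

/* Releases the payload exactly once according to the tag, then the OBJ itself. */
void obj_free(OBJ *a) {
    if (a == NULL) return;
    if (a->type == OBJ_CERT) free(a->data.cert);
    else if (a->type == OBJ_CRL) free(a->data.crl);
    free(a);
}

/* Walk-through returning 1 if every accessor behaves as described above. */
int obj_roundtrip(void) {
    OBJ *o = obj_new();
    CRL *crl = calloc(1, sizeof(CRL));
    CERT *cert = calloc(1, sizeof(CERT));
    int ok = o != NULL && crl != NULL && cert != NULL
          && obj_get_type(o) == OBJ_NONE && obj_get0_crl(o) == NULL
          && obj_set0_crl(o, crl) == 1 && obj_get0_crl(o) == crl
          && obj_get0_cert(o) == NULL && obj_set0_cert(o, cert) == 0; /* wrong type refused */
    obj_free(o);  /* frees crl exactly once; cert was never handed over */
    free(cert);
    return ok;
}
```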


Re: [openssl-dev] use of X.509 lookup methods, X509_OBJECT internal or opaque?

2016-05-07 Thread Roumen Petrov

Roumen Petrov wrote:

[SNIP]
This is my request - to define:
- X509 *X509_STORE_get_X509_by_subject(X509_STORE_CTX *vs, X509_NAME *name)
- X509_CRL *X509_STORE_get_X509_CRL_by_subject(X509_STORE_CTX *vs, X509_NAME *name)
Perhaps X509_STORE_CTX_get... instead of X509_STORE_get, as the first argument 
is X509_STORE_CTX.


Regards,
Roumen



Re: [openssl-dev] use of X.509 lookup methods, X509_OBJECT internal or opaque?

2016-05-09 Thread Salz, Rich
Can you look at https://github.com/openssl/openssl/pull/1044 and see if it 
addresses the issues?

Thanks.
--  
Senior Architect, Akamai Technologies
IM: richs...@jabber.at Twitter: RichSalz


> -Original Message-
> From: Roumen Petrov [mailto:open...@roumenpetrov.info]
> Sent: Saturday, May 07, 2016 4:46 AM
> To: openssl-dev@openssl.org
> Subject: Re: [openssl-dev] use of X.509 lookup methods, X509_OBJECT
> internal or opaque?
> 
> Roumen Petrov wrote:
> > [SNIP]
> > This is my request - to define:
> > - X509 *X509_STORE_get_X509_by_subject(X509_STORE_CTX *vs, X509_NAME *name)
> > - X509_CRL *X509_STORE_get_X509_CRL_by_subject(X509_STORE_CTX *vs, X509_NAME *name)
> Perhaps X509_STORE_CTX_get... instead of X509_STORE_get, as the first argument
> is X509_STORE_CTX.
> 
> Regards,
> Roumen
> 


Re: [openssl-dev] use of X.509 lookup methods, X509_OBJECT internal or opaque?

2016-05-10 Thread Roumen Petrov

Hi Rich,

Salz, Rich wrote:

Can you look at https://github.com/openssl/openssl/pull/1044 and see if it 
addresses the issues?

Yes.

Maybe with some definitions for backward compatibility. I mean for the 
renamed pre-1.1 functions, with ..._CTX inserted into the name of:

- X509_STORE_get_by_subject
- X509_STORE_get1_{certs|crls}

I understand the idea of the new function X509_STORE_CTX_get_X509_by_subject. 
X509 is misleading.

What about X509_STORE_CTX_get_obj_by_subject?

Regards,
Roumen




Re: [openssl-dev] use of X.509 lookup methods, X509_OBJECT internal or opaque?

2016-05-10 Thread Salz, Rich
> > Can you look at https://github.com/openssl/openssl/pull/1044 and see if it addresses the issues?
> Yes.

Great, thanks!
 
> Maybe with some definitions for backward compatibility. I mean for the
> renamed pre-1.1 functions, with ..._CTX inserted into the name of:
> - X509_STORE_get_by_subject
> - X509_STORE_get1_{certs|crls}

Added #define's for the old names.

> I understand the idea of the new function X509_STORE_CTX_get_X509_by_subject.
> X509 is misleading.
> What about X509_STORE_CTX_get_obj_by_subject?

That's better.

I pushed a new version that adds your feedback.


Re: [openssl-dev] use of X.509 lookup methods, X509_OBJECT internal or opaque?

2016-05-12 Thread Roumen Petrov

Salz, Rich wrote:

> Can you look at https://github.com/openssl/openssl/pull/1044 [SNIP]
> I pushed a new version that adds your feedback.

10x, it's fine by me.

Roumen