On Thu Jul 07 21:29:09 2016, levitte wrote: > On Sat Jul 02 10:59:38 2016, k...@roeckx.be wrote: > > /* Add to include/openssl/x509_vfy.h : */ > > > > typedef int (*X509_STORE_CTX_get_issuer)(X509 **issuer, X509_STORE_CTX > > *ctx, X509 *x); > > typedef int (*X509_STORE_CTX_check_issued)(X509_STORE_CTX *ctx, X509 > > *x, X509 *issuer); > > > > void X509_STORE_CTX_set_get_issuer(X509_STORE_CTX *ctx, > > X509_STORE_CTX_get_issuer > > get_issuer); > > X509_STORE_CTX_get_issuer X509_STORE_CTX_get_get_issuer(X509_STORE_CTX > > *ctx); > > void X509_STORE_CTX_set_check_issued(X509_STORE_CTX *ctx, > > X509_STORE_CTX_check_issued > > check_issued); > > X509_STORE_CTX_check_issued > > X509_STORE_CTX_get_check_issued(X509_STORE_CTX *ctx); > > For this part, https://github.com/openssl/openssl/pull/1294
So, looking at this again after some sleep, there's a part of this solution that I'm unsure of, and it all comes back to X509_STORE_CTX_init(), where the X509_STORE context gets initialised from the X509_STORE, including all the function pointers. This has me wonder if the X509_STORE_CTX setters should really be made available (perhaps with the exception of the verify and verify_cb ones). Doesn't it make more sense to set those function pointers when creating the X509_STORE itself? Why would those functions need to be changed in the context? Cheers, Richard -- Richard Levitte levi...@openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4602 Please log in as guest with password guest if prompted
