Fri 2016-07-08 at 06:08 +0000, Richard Levitte via RT wrote:
> On Thu Jul 07 21:29:09 2016, levitte wrote:
> > On Sat Jul 02 10:59:38 2016, k...@roeckx.be wrote:
> > > /* Add to include/openssl/x509_vfy.h : */
> > >
> > > typedef int (*X509_STORE_CTX_get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
> > > typedef int (*X509_STORE_CTX_check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
> > >
> > > void X509_STORE_CTX_set_get_issuer(X509_STORE_CTX *ctx, X509_STORE_CTX_get_issuer get_issuer);
> > > X509_STORE_CTX_get_issuer X509_STORE_CTX_get_get_issuer(X509_STORE_CTX *ctx);
> > > void X509_STORE_CTX_set_check_issued(X509_STORE_CTX *ctx, X509_STORE_CTX_check_issued check_issued);
> > > X509_STORE_CTX_check_issued X509_STORE_CTX_get_check_issued(X509_STORE_CTX *ctx);
> >
> > For this part, https://github.com/openssl/openssl/pull/1294
>
> So, looking at this again after some sleep, there's a part of this solution
> that I'm unsure of, and it all comes back to X509_STORE_CTX_init(), where the
> X509_STORE context gets initialised from the X509_STORE, including all the
> function pointers. This has me wonder if the X509_STORE_CTX setters should
> really be made available (perhaps with the exception of the verify and
> verify_cb ones). Doesn't it make more sense to set those function pointers when
> creating the X509_STORE itself? Why would those functions need to be changed in
> the context?
>
> Cheers,
> Richard
>
> --
> Richard Levitte
> levi...@openssl.org

Looking at the various places in the code where get_issuer and check_issued are accessed, they mostly use the context rather than the store. Here are the places I have found:

https://sources.debian.net/src/nordugrid-arc/5.1.2-1/src/hed/libs/credential/CertUtil.cpp/#L71
https://sources.debian.net/src/canl-c/2.1.6-2/src/proxy/sslutils.c/#L1581
https://sources.debian.net/src/voms/2.0.13-1/src/sslutils/sslutils.c/#L1588
https://sources.debian.net/src/globus-gsi-callback/5.8-2/library/globus_gsi_callback.c/#L367
https://sources.debian.net/src/globus-gsi-callback/5.8-2/library/globus_gsi_callback.c/#L1059
https://sources.debian.net/src/globus-gsi-credential/7.9-2/library/globus_gsi_cred_handle.c/#L1997

And the following one actually uses the store and not the context:

https://sources.debian.net/src/globus-gssapi-gsi/12.1-1/library/globus_i_gsi_gss_utils.c/#L448

Mattias

--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4602
Please log in as guest with password guest if prompted