Hello Everyone.

I am migrating code written to the old 1.0 (actually probably more like 0.9.?) 
X509_STORE API which has a replacement for the check_issuer callback function.

Unless I am missing something, the 1.1.1c SDK's public API is missing some 
accessor functions that are required for a like-for-like update to 1.1.1c.

    void X509_STORE_CTX_set0_current_issuer(X509_STORE_CTX *ctx, X509 *cert) {
        ctx->current_issuer = cert;
    }
    void X509_STORE_CTX_set0_error(X509_STORE_CTX *ctx, int error) {
        ctx->error = error;
    }

I suspect I will need to build this as an internal OpenSSL source module in 
order to allow access inside the STORE structure.

Or, have I missed a replacement API somewhere?

The reason for using our own callback function is to allow for the situation 
where a trustpoint collection may contain multiple certificates with the same 
DN but different keys. The second (or later) of these may be the signer of the 
certificate being verified.  The OpenSSL version would stop when it encountered 
the first certificate with an incorrect key. If OpenSSL now supports this 
situation we could remove the need to set our own callback.


Simon Edwards
Principal Software Engineer

Micro Focus

simon.edwa...@microfocus.com
The Lawn, 22-30 Old Bath Road
Newbury, Berkshire, UK
Shoretel 44224
Direct: +44 1635 565487
