Add getters for X509_OBJECT #979
Closed
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
|
Great. We need a brief description for |
Member
|
Personally, I'd rather see an iterator than returning the stack... However, that would be breaking entirely new ground. Maybe refactoring for OpenSSL 1.2? |
Contributor
|
Yes, iterators are new and should wait. |
Contributor
Author
|
@richsalz where do you want to have the documentation, doc/crypto/X509_STORE_new.pod ? |
Contributor
|
Yes. |
55bf5af to
7e191b3
Compare
Contributor
Author
|
I found another missing function. OpenSSL 1.1.0 has X509_STORE_set1_param() but lacks X509_STORE_get0_param(). Do you like to have a separate PR or can I just add the getter to this PR? |
Contributor
|
No, add it here! Thanks. |
7e191b3 to
5858b32
Compare
crypto/x509/x509_lu.c
Outdated
5858b32 to
9a75b49
Compare
OpenSSL 1.1.0-pre5 has made some additional structs opaque. Python's ssl module requires access to some of the struct members. Three new getters are added: int X509_OBJECT_get_type(X509_OBJECT *a); STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *v); X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx); Signed-off-by: Christian Heimes <cheimes@redhat.com>
9a75b49 to
d5dd5f4
Compare
Contributor
Author
|
@levitte I addressed both of your comments and rebased my patch to current master. |
Member
|
Cool. I'm satisfied. This is going in. |
Member
|
And done! Thank you |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
OpenSSL 1.1.0-pre5 breaks Python's SSL module again. In two functions
Python's ssl module gets all X509_OBJECT from the context's X509_STORE
and iterates over them.
https://hg.python.org/cpython/file/tip/Modules/_ssl.c#l3420
https://hg.python.org/cpython/file/tip/Modules/_ssl.c#l3467
OpenSSL 1.1.0 lacks two functions to implement the same feature.
X509_OBJECT_get0_X509() is already defined.
STACK_OF(X509_OBJECT) X509_STORE_get0_objects(X509_STORE);
int X509_OBJECT_get_type(X509_OBJECT*);
Signed-off-by: Christian Heimes cheimes@redhat.com