On Tue, Apr 01, 2014, Viktor Dukhovni wrote: > > What were your plans for X509_VERIFY_PARAM_ID_st for DANE? That's > where the TLSA records were going to be right? > > If you post a note about the approach you want to take with extending > X509_VERIFY_PARAM_ID_st I can provide a more complete patch. >
At this stage it doesn't matter too much how X509_VERIFY_PARAM_ID is extended as long as it stays as an opaque structure in a private header file. By doing that it can be reorganised later to handle new features without breaking binary compatibility. That would be much trickier if new fields had been added to the X509_VERIFY_PARAM which is defined in a public header file. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org