In OpenLDAP we reference X509_NAME->bytes->data directly; we want the DER bytes, which we then pass through our own DN validator/formatter. This no longer works with OpenSSL 1.1 and I don't see any provided method to return the DER bytes. I don't want a malloc'd copy; I just want read-only access to the bytes already cached inside the X509_NAME structure.
The attached patch would be sufficient to meet this requirement.

--
  -- Howard Chu
  CTO, Symas Corp. http://www.symas.com
  Director, Highland Sun http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP http://www.openldap.org/project/

>From 96cb450f9a41feeea3612be9cff2384a4a30ed77 Mon Sep 17 00:00:00 2001 From: Howard Chu <[email protected]> Date: Tue, 26 Jan 2016 19:18:54 +0000 Subject: [PATCH] Add X509_NAME_der() --- crypto/x509/x_name.c | 5 +++++ include/openssl/x509.h | 1 + 2 files changed, 6 insertions(+) diff --git a/crypto/x509/x_name.c b/crypto/x509/x_name.c index f151da4..f22266e 100644 --- a/crypto/x509/x_name.c +++ b/crypto/x509/x_name.c @@ -568,3 +568,8 @@ int X509_NAME_print(BIO *bp, X509_NAME *name, int obase) OPENSSL_free(b); return 0; } + +BUF_MEM *X509_NAME_der(X509_NAME *name) +{ + return name->bytes; +} diff --git a/include/openssl/x509.h b/include/openssl/x509.h index 50a5edd..cf4473a 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -818,6 +818,7 @@ int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags); # endif +BUF_MEM *X509_NAME_der(X509_NAME *name); int X509_NAME_print(BIO *bp, X509_NAME *name, int obase); int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags); -- 1.9.1
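
Review bot: In the crypto/x509/x_name.c hunk, X509_NAME_der() returns a mutable `BUF_MEM *` to the structure's internal cache, although the request is for read-only access. A caller can write through the returned pointer, grow it, or free it, and the X509_NAME is left pointing at corrupted or released memory. Consider taking `const X509_NAME *name` and returning a const view, or filling in a `const unsigned char **` and a length so that BUF_MEM itself is not exposed. The body `return name->bytes;` also dereferences name without a NULL check and hands back the cache with no check that it still matches the current entries; if a name can be modified after it was encoded, the accessor should re-encode first or the stale case should be documented.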
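
Review bot: In the include/openssl/x509.h hunk, the new declaration `BUF_MEM *X509_NAME_der(X509_NAME *name);` has no comment stating ownership or lifetime. Callers need to be told that the buffer belongs to the X509_NAME, must not be freed or modified, and is valid only while the name exists and is unchanged. The diffstat lists only x_name.c and x509.h, so no manual page or test accompanies the new public function; both would be expected for an exported symbol. The const qualifiers suggested for the definition apply to this prototype as well.
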
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
