Stephen Henson via RT wrote: > On Fri Jan 29 17:35:05 2016, steve wrote: >> On Fri Jan 29 15:08:47 2016, [email protected] wrote: >>> Howard Chu via RT wrote: >>>> In OpenLDAP we reference X509_NAME->bytes->data directly, we want >>>> the >>>> DER >>>> bytes which we then pass thru our own DN validator/formatter. This >>>> no >>>> longer >>>> works with OpenSSL 1.1 and I don't see any provided method to >>>> return >>>> the DER >>>> bytes. I don't want a malloc'd copy, I just want read-only access >>>> to >>>> the bytes >>>> already cached inside the X509_NAME structure. >>>> >>>> The attached patch would be sufficient to meet this requirement. >>> >>> We are tracking this here as well: >>> >>> http://www.openldap.org/its/index.cgi/Development?id=8353 >> >> >> I'd rather we didn't return a pointer to the internal BUF_MEM as we >> might want >> to change that at some point. >> >> Would a function like: >> >> int X509_NAME_der(const X509_NAME *nm, const char **pder); >> >> be suitable for your needs? >> > > Thinking about it a better name for comply with our naming convention would be > X509_NAME_get0_der.
Just to be clear - in our use case we already know the length. But if the function you're proposing is returning only a success/error code, then the function should probably also provide the length as a return parameter, for more general users. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/ _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
