This is an enhancement request.

OpenSSL 1.1 hides details of the structures used to load X.509 certificates,
in particular x509_lookup_method_st, x509_lookup_st and x509_object_st.
This impacts non-OpenSSL projects, as an external application has to
duplicate those structures.

The request is that OpenSSL does not change those structures until a new
implementation in a binary-incompatible release.

It seems to me the current look-up method is quite complex.
For instance, get_by_subject performs two main steps, load and query - see
In the first step, the code uses the "query constraint" to fetch data and adds
each item found to the store. Updating the store requires a thread lock.
In the second step, the code queries the entire store using the "query
constraint" and prepares the result. Querying the store requires a thread lock.

I guess a simpler "callback" model could be used - a method with a
callback context.
The method fetches data and returns only an item (certificate, CRL, etc.) on
each call, and so on until the end of data.
With this model the library is responsible for updating the store and preparing
the result. Locking of the store could be managed internally.


openssl-dev mailing list
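
The callback model proposed in the message above, sketched as an added example that is not part of the original post and is not OpenSSL code. All names (`item_t`, `fetch_cb`, `store_t`, `lookup_by_subject`, `mem_fetch`) are hypothetical, the data source is a constructed in-memory array, and a pthread mutex stands in for the store lock.

```c
#include <pthread.h>
#include <string.h>
/* Hypothetical types for illustration; none of this is OpenSSL API. */
typedef struct { const char *subject; int kind; } item_t;   /* kind: 0 cert, 1 CRL */
/* Method: returns 1 with one item per call, 0 at end of data, -1 on error. */
typedef int (*fetch_cb)(void *ctx, const char *subject, item_t *out);
#define STORE_MAX 8
typedef struct { pthread_mutex_t lock; item_t items[STORE_MAX]; size_t n; } store_t;

/* Library side: drains the method, updates the store, prepares the result.
 * Only this function touches the lock. Returns the match count, or -1. */
int lookup_by_subject(store_t *st, fetch_cb fetch, void *ctx,
                      const char *subject, item_t *res, size_t res_max)
{
    item_t it;
    size_t i, found = 0;
    int rc = 0, full = 0;
    while (!full && (rc = fetch(ctx, subject, &it)) == 1) {
        pthread_mutex_lock(&st->lock);
        for (i = 0; i < st->n; i++)   /* simplification: identity is (subject, kind) */
            if (st->items[i].kind == it.kind && !strcmp(st->items[i].subject, it.subject))
                break;
        if (i == st->n && st->n == STORE_MAX)
            full = 1;                 /* new item but no room */
        else if (i == st->n)
            st->items[st->n++] = it;  /* not cached yet */
        pthread_mutex_unlock(&st->lock);
    }
    if (rc < 0 || full) return -1;    /* method error or store full: fail closed */
    pthread_mutex_lock(&st->lock);
    for (i = 0; i < st->n && found < res_max; i++)
        if (!strcmp(st->items[i].subject, subject)) res[found++] = st->items[i];
    pthread_mutex_unlock(&st->lock);
    return (int)found;
}

/* Constructed sample method: an in-memory array with a cursor as its context. */
typedef struct { const item_t *data; size_t n, pos; } mem_src_t;
static const item_t SAMPLE[] = { {"CN=Example CA", 0}, {"CN=Other CA", 0},
                                 {"CN=Example CA", 1}, {"CN=Example CA", 0} };
int mem_fetch(void *ctx, const char *subject, item_t *out)
{
    mem_src_t *s = ctx;
    while (s->pos < s->n) {
        *out = s->data[s->pos++];
        if (!strcmp(out->subject, subject)) return 1;
    }
    return 0;
}
```

The method never sees the store or its lock; the lock is released between calls into the method, so a slow data source does not block other users of the store.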