This is an enhancement request. OpenSSL 1.1 hides the details of the structures used to load X.509 certificates, in particular x509_lookup_method_st, x509_lookup_st and x509_object_st. This impacts non-OpenSSL projects, as an external application has to duplicate those structures.
The request is that OpenSSL not change those structures until a new implementation in a binary-incompatible release.

It seems to me the current look-up method is quite complex. For instance, get_by_subject performs two main steps, load and query - see "by_dir". In the first step, the code uses the "query constraint" to fetch data and adds each item found to the store. Updating the store requires a thread lock. In the second step, the code queries the entire store using the "query constraint" and prepares the result. Querying the store requires a thread lock.

I guess that a simpler "callback" model could be used: a method with a callback context. The method fetches data and returns only one item (certificate, CRL, etc.) on each call, and so on until the end of data. With this model the library is responsible for updating the store and preparing the result. Locking of the store could be managed internally.

Regards,
Roumen

Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4681
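The "callback" model proposed in the message, sketched as an added example that is not part of the original message and is not OpenSSL code: the method only hands back one item per call, while the library updates the store, takes the lock and builds the result. Every type and function name here is hypothetical, the sample table is constructed, and the store does no de-duplication.

```c
#include <stdatomic.h>
#include <string.h>

/* Hypothetical types and names throughout: none of this is OpenSSL API. */
typedef struct { const char *subject, *kind; } item_t;
typedef struct { item_t items[16]; size_t n; atomic_flag lock; } store_t;

/* Method callback: write the next matching item to *out and return 1,
 * or return 0 at end of data. ctx is the method's own iteration state. */
typedef int (*fetch_next_fn)(void *ctx, const char *subject, item_t *out);

/* Library side: cache one item. The lock never leaves this function. */
static void store_add(store_t *s, const item_t *it) {
    while (atomic_flag_test_and_set(&s->lock)) { }   /* spin until acquired */
    if (s->n < 16) s->items[s->n++] = *it;           /* a full store skips it */
    atomic_flag_clear(&s->lock);
}

/* Library side: drive the callback, update the store, build the result. */
size_t lookup_by_subject(store_t *s, fetch_next_fn next, void *ctx,
                         const char *subject, item_t *result, size_t max) {
    size_t found = 0;
    item_t it;
    while (found < max && next(ctx, subject, &it)) { /* fetch runs unlocked */
        store_add(s, &it);
        result[found++] = it;
    }
    return found;
}

/* Constructed sample method: walks a fixed in-memory table. */
typedef struct { const item_t *table; size_t len, pos; } mem_ctx_t;
static const item_t SAMPLE[] = {                     /* constructed data */
    { "CN=Example CA", "cert" }, { "CN=Other", "cert" }, { "CN=Example CA", "crl" } };

static int mem_next(void *ctx, const char *subject, item_t *out) {
    mem_ctx_t *c = ctx;
    while (c->pos < c->len) {
        const item_t *e = &c->table[c->pos++];
        if (strcmp(e->subject, subject) == 0) { *out = *e; return 1; }
    }
    return 0;
}

int main(void) {
    store_t st = { .lock = ATOMIC_FLAG_INIT };
    mem_ctx_t ctx = { SAMPLE, 3, 0 };
    item_t res[4];
    return lookup_by_subject(&st, mem_next, &ctx, "CN=Example CA", res, 4) != 2;
}
```

The method implementation (`mem_next`) never sees the store or its lock, which is the separation the message asks for.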