This is an enhancement request.
OpenSSL 1.1 hides the details of the structures used to load X.509
certificates, in particular x509_lookup_method_st, x509_lookup_st and
x509_object_st.
This impacts non-OpenSSL projects, as external applications have to
duplicate those structures.
The request is that OpenSSL not change those structures until a new
implementation in a binary-incompatible release.
It seems to me the current look-up method is quite complex.
For instance, get_by_subject performs two main steps, load and query - see
In the first step the code, using the "query constraint", fetches data and
adds each item found to the store. Updating the store requires a thread lock.
In the second step the code queries the entire store using the "query
constraint" and prepares the result. Querying the store requires a thread lock.
I guess a simpler "callback" model could be used - a method with
The method fetches data and returns only an item (certificate, CRL, etc.)
on each call, and so on until the end of data.
With this model the library is responsible for updating the store and
preparing the result. Locking of the store could be managed internally.
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4681
Please log in as guest with password guest if prompted
openssl-dev mailing list
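A sketch of the callback model proposed in the message above, added here as an illustration; it is not code from the original post or from OpenSSL. All names (store_t, fetch_fn, store_lookup, dir_fetch) are hypothetical, and plain strings stand in for certificates and CRLs.

```c
#include <pthread.h>
#include <string.h>
/* Hypothetical names throughout; not OpenSSL's X509_LOOKUP API. */
#define STORE_MAX 16
typedef struct {
    pthread_mutex_t lock;
    int locked;                   /* 1 while the library holds the lock */
    const char *items[STORE_MAX]; /* stand-ins for certificates / CRLs */
    int n;
} store_t;

/* Method callback: next item matching subject, or NULL at end of data. */
typedef const char *(*fetch_fn)(void *ctx, const char *subject);

/* Library side: drives the callback, updates the store, builds the result.
 * The method never touches the store or its lock. Returns match count. */
static int store_lookup(store_t *s, fetch_fn fetch, void *ctx,
                        const char *subject, const char **out, int max)
{
    const char *item;
    int i, found = 0;
    while ((item = fetch(ctx, subject)) != NULL) {  /* load: no lock held */
        pthread_mutex_lock(&s->lock); s->locked = 1;
        i = 0;
        while (i < s->n && s->items[i] != item) i++;  /* skip duplicates */
        if (i == s->n && s->n < STORE_MAX) s->items[s->n++] = item;
        s->locked = 0; pthread_mutex_unlock(&s->lock);
    }
    pthread_mutex_lock(&s->lock); s->locked = 1;     /* query */
    for (i = 0; i < s->n && found < max; i++)
        if (strncmp(s->items[i], subject, strlen(subject)) == 0)
            out[found++] = s->items[i];
    s->locked = 0; pthread_mutex_unlock(&s->lock);
    return found;
}

/* Constructed sample method: walks a fixed in-memory list. */
typedef struct { store_t *store; int pos; int ran_locked; } dir_ctx;
static const char *DIR_DATA[] = { "CN=a;cert1", "CN=b;cert2", "CN=a;crl1" };
static const char *dir_fetch(void *vctx, const char *subject)
{
    dir_ctx *c = vctx;
    if (c->store->locked) c->ran_locked = 1;  /* callback ran under lock */
    while (c->pos < 3) {
        const char *e = DIR_DATA[c->pos++];
        if (strncmp(e, subject, strlen(subject)) == 0) return e;
    }
    return NULL;
}
```

The method only yields items; the store update, the query and both lock acquisitions stay inside store_lookup, so a method implementation needs no knowledge of the store's layout.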