|
NAME
DESCRIPTIONThe
Unfortunately, application programs can hardly avoid using the concept because several important OpenSSL APIs rely on it; see the SEE ALSO section for examples. Even though both pages are more complicated than any manual page ought to be, using the concept safely requires a complete understanding of all the details in both this manual page and in OPENSSL_sk_new(3). The
For a considerable number of types, OpenSSL
provides one wrapper function for each function described in
OPENSSL_sk_new(3). The names of these wrapper functions are
usually constructed by inserting the name of the type and an underscore
after the ‘sk_’ prefix of the function name. Usually, where
the real functions take void * arguments, the wrappers
take pointers to the type in questions, and where the
real functions take _STACK * arguments, the wrappers
take pointers to
Using the above may make sense for the following types because public API functions exist that take stacks of these types as arguments or return them: ASN1_INTEGER, ASN1_OBJECT, ASN1_UTF8STRING, CMS_RecipientInfo, CMS_SignerInfo, CONF_VALUE, GENERAL_NAMES, GENERAL_SUBTREE, OPENSSL_STRING (which is just char *), PKCS12_SAFEBAG, PKCS7, PKCS7_RECIP_INFO, PKCS7_SIGNER_INFO, POLICYQUALINFO, SRTP_PROTECTION_PROFILE, SSL_CIPHER, SSL_COMP, X509, X509_ALGOR, X509_ATTRIBUTE, X509_CRL, X509_EXTENSION, X509_INFO, X509_NAME, X509_OBJECT, X509_POLICY_NODE, X509_REVOKED. Additionally, some public API functions use the following types which are declared with typedef:
Even though the OpenSSL headers declare wrapper
functions for many more types and even though the OpenSSL documentation says
that users can declare their own stack types, using
EXAMPLESThe following program creates a certificate object, puts two pointers to it on a stack, and uses X509_free(3) to clean up properly: #include <err.h>
#include <stdio.h>
#include <openssl/x509.h>
int
main(void)
{
STACK_OF(X509) *stack;
X509 *x;
if ((stack = sk_X509_new_null()) == NULL)
err(1, NULL);
if ((x = X509_new()) == NULL)
err(1, NULL);
if (sk_X509_push(stack, x) == 0)
err(1, NULL);
if (X509_up_ref(x) == 0)
errx(1, "X509_up_ref failed");
if (sk_X509_push(stack, x) == 0)
err(1, NULL);
printf("%d pointers: %p, %p\n", sk_X509_num(stack),
sk_X509_value(stack, 0), sk_X509_value(stack, 1));
sk_X509_pop_free(stack, X509_free);
return 0;
}
The output looks similar to: 2 pointers: 0x4693ff24c00,
0x4693ff24c00SEE ALSOcrypto(3), OCSP_request_sign(3), OPENSSL_sk_new(3), PKCS12_parse(3), PKCS7_encrypt(3), SSL_CTX_set_client_CA_list(3), SSL_get_ciphers(3), SSL_get_peer_cert_chain(3), SSL_load_client_CA_file(3), X509_CRL_get_REVOKED(3), X509_STORE_CTX_get0_chain(3) HISTORYThe
|