On Mon, Aug 05, 2002 at 09:01:46AM -0400, Daniel Berlin wrote:
> On Mon, 5 Aug 2002, Daniel Stenberg wrote:
>
> > On Mon, 5 Aug 2002, Daniel Berlin wrote:
> >
> > > The first thing that occurred when I woke up this morning was that the PEM
> > > reader can't use the default private key prompt because it doesn't take a
> > > context argument.
> >
> > Is that really so?
>
> Yup.
> They take:
> (FILE *, <X509 ** or EVP_PKEY ** in the cases we call them for>, password
> callback, userdata).
>
> None of them take a CTX.
>
> I would imagine this is because they are in libcrypto, and not libssl.
> They don't want to require an SSL ctx just to read certificates.
>
> However, maybe instead, neon should use the SSL_CTX_* functions that read
> certificates into the SSL context, and probably use the default password
> callback since they take a context.

I looked into this - since the SSL_CTX_* functions load the cert and key
directly into the SSL_CTX structure, the callback-based client cert
provider function would need to somehow extract the EVP_PKEY * and X509 *
back out of the SSL_CTX after ne_ssl_load_* was called. I couldn't find
an obvious way of doing that with the OpenSSL API.

Given that the SSL_CTX_* functions are not actually used to load the
client certs, the SSL_CTX_set_default_passwd_cb* calls would seem to be
redundant, so I'll remove them.

Regards,

joe

Received on Tue Aug 6 00:12:24 2002