curl-users
Re: Custom OpenSSL crypto engine not known to cURL
Date: Wed, 10 Mar 2010 10:57:33 +0100 (CET)
On Tue, 9 Mar 2010, Petr Pisar wrote:
I'm cc'ing my response to curl-library since we're discussing modifying the
lib. I do think we should move this discussion over to that list.
> I was inspired by openssl(1) initialization and adjusted the curl library.
>
> Now I'm able to list dynamic engines defined in the config file:
> Well, the user can use the OPENSSL_CONF environment variable or use the
> default openssl.cnf file from the default OpenSSL directory.
Thanks! It certainly seems like a decent approach to add. I miss the
documentation part of the patch (at least a rudimental description of how it
is to be used) and I do have some questions about the implementation. See
below:
> +#define OSSL_CONF_FILE_NAME "openssl.cnf"
Is this a common name for a config file of this sort for OpenSSL? The name
seems to imply it so I assume it is...
I must confess I dislike the idea of using environment variables to control
library behaviors, but in this case since it wants to change how the global
init is done, I can't see a lot of good alternatives.
> + prefix = X509_get_default_cert_area();
And this call is safe and known to never fail?
> + length = strlen(prefix) + strlen(OSSL_CONF_FILE_NAME) + 2;
> + filename = OPENSSL_malloc(length);
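Review bot: strlen(prefix) dereferences the result of X509_get_default_cert_area() with no NULL check anywhere in the quoted lines, so if that call ever returned NULL this would crash during global init. Test prefix before computing length and skip the config load when it is NULL. The + 2 itself is right: one byte for the "/" separator and one for the terminating NUL.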
Why not use plain malloc here?
> + if (!filename) return 0;
> +
> + BUF_strlcpy(filename, prefix, length);
> + BUF_strlcat(filename, "/", length);
> + BUF_strlcat(filename, OSSL_CONF_FILE_NAME, length);
And why not just sprintf() that string instead of doing three OpenSSL-specific
function calls? (or in fact using aprintf() as it would avoid the separate
malloc call)
> + config=NCONF_new(NULL);
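Review bot: the result of NCONF_new(NULL) is assigned to config with no check visible in the quoted line; add an if(!config) branch directly after the assignment. That error path also has to release filename from the OPENSSL_malloc() call above, using OPENSSL_free() rather than free(), so a failed init does not leak it.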
What happens if NCONF_new() fails? Surely it returns NULL then, do all the
subsequent functions that use the config as argument handle a NULL passed in?
-- 
 / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ:        http://curl.haxx.se/docs/faq.html
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Received on 2010-03-10