On Tue, 9 Mar 2010, Petr Pisar wrote:

I'm cc'ing my response to curl-library since we're discussing modifying the
lib. I do think we should move this discussion over to that list.

> I inspired by openssl(1) initicialization and adjusted curl library.
>
> Now I'm able to list dynamic engines defined in config file:

> Well, user can use OPENSSL_CONF environment variable or to use default
> openssl.cnf file from default OpenSSL directory.

Thanks! It certainly seems like a decent approach to add. I miss the
documentation part of the patch (at least a rudimental description of how it
is to be used) and I do have some questions about the implementation. See
below:

> +#define OSSL_CONF_FILE_NAME "openssl.cnf"

Is this a common name for a config file of this sorts for OpenSSL? The name
seems to imply it so I assume it is...

I must confess I dislike the idea of using environment variables to control
library behaviors, but in this case since it wants to change how the global
init is done, I can't see a lot of good alternatives.

> + prefix = X509_get_default_cert_area();

And this call is safe and known to never fail?

> + length = strlen(prefix) + strlen(OSSL_CONF_FILE_NAME) + 2;
> + filename = OPENSSL_malloc(length);

Why not use plain malloc here?

> + if (!filename) return 0;
> +
> + BUF_strlcpy(filename, prefix, length);
> + BUF_strlcat(filename, "/", length);
> + BUF_strlcat(filename, OSSL_CONF_FILE_NAME, length);

And why not just sprintf() that string instead of doing three OpenSSL-specific
function calls? (or in fact using aprintf() as it would avoid the separate
malloc call)

> + config=NCONF_new(NULL);

What happens if NCONF_new() fails? Surely it returns NULL then, do all the
subsequent functions that uses the config as argument handle a NULL passed in?

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ:        http://curl.haxx.se/docs/faq.html
Etiquette:  http://curl.haxx.se/mail/etiquette.html