curl-library

Re: OpenSSL ENGINE 2nd version

From: Götz Babin-Ebell <babinebell_at_trustcenter.de>
Date: Tue, 18 Dec 2001 17:50:37 +0100

Götz Babin-Ebell wrote:

I hate to reply to myself...

> Daniel Stenberg wrote:
[...]
> > It would be a really swell addition to the docs/examples section...
>
> It is primarily an example to use curl with SSL.
> A quick (not tested) example is attached.
> diff simplessl.c simplessl.c.old | less

And then a patch to something I have written...

> diff -u simplessl.c.old simplessl.c
--- simplessl.c.old Tue Dec 18 17:40:29 2001
+++ simplessl.c Tue Dec 18 17:41:18 2001
@@ -26,6 +26,8 @@
    4. if you don't use a crypto engine:
    4.1. set pKeyName to the file name of your client key
    4.2. if the format of the key file is DER, set pKeyType to "DER"
+ 4.3. On systems without a random device you must load ramdom data
+ into the SSL subsystem.
 
    !! verify of the server certificate is not implemented here !!
 */
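
Review bot: "ramdom" in the new step 4.3 should read "random", and the step tells the reader that random data must be loaded without saying how. Since the later hunks do this through pRandFile and CURLOPT_RANDOM_FILE, the comment could name them, in the same style as steps 4.1 and 4.2 ("set pRandFile to the file name of your random seed file").
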
@@ -42,15 +44,19 @@
   const char *pKeyType;
 
   const char *pEngine;
+ const char *pRandFile;
 
 #if USE_ENGINE
   pKeyName = "rsa_test";
   pKeyType = "ENG";
   pEngine = "chil"; /* for nChiper HSM... */
+ pRandFile = NULL; /* we get the random data from crypto
module */
 #else
   pKeyName = "testkey.pem";
   pKeyType = "PEM";
- pEngine = NULL;
+ pEngine = NULL; /* no crypto engine */
+ pRandFile = ".rnd"; /* if system has a random device (e.g.
linux),
+ this can be NULL */
 #endif
 
   const char *pPassphrase = NULL;
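
Review bot: both added comments in this hunk were wrapped by the mail client, so "module */" and "linux)," sit on lines of their own with no leading "+", and the hunk will not apply as posted; shortening the comments or sending the diff as an attachment avoids that. Separately, pRandFile = ".rnd" is a relative path, so which file gets read depends on the working directory at run time. The comment should state that the file has to exist and contain unpredictable data, otherwise a reader on a system without a random device may copy the example and seed from nothing useful.
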
@@ -65,6 +71,8 @@
     curl_easy_setopt(curl, CURLOPT_URL, "https://curl.haxx.se");
     curl_easy_setopt(curl, CURLOPT_WRITEHEADER, headerfile);
 
+ if (pRandFile)
+ curl_eays_setopt(curl,CURLOPT_RANDOM_FILE,pRandFile);
     while(1) /* do some ugly short cut... */
     {
        if (pEngine) /* use crypto engine */
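
Review bot: the added call is spelled curl_eays_setopt, which will not compile or link; it should be curl_easy_setopt, matching the two context lines above it. The arguments are also written without spaces after the commas, unlike the surrounding calls, so "curl_easy_setopt(curl, CURLOPT_RANDOM_FILE, pRandFile);" would fit the file's style.
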
=============================

Description:
Some systems (e.g. Solaris) don't have a random pool.
But SSL needs some random data, so we have to support a random file.
But only if we don't have a crypto module...

Bye

Goetz

-- 
Goetz Babin-Ebell, TC TrustCenter AG, http://www.trustcenter.de
Sonninstr. 24-28, 20097 Hamburg, Germany
Tel.: +49-(0)40 80 80 26 -0,  Fax: +49-(0)40 80 80 26 -126

Received on 2001-12-18