Re: OpenSSL ENGINE 2nd version
Date: Tue, 18 Dec 2001 17:50:37 +0100
Götz Babin-Ebell wrote:
I hate to reply to myself...
> Daniel Stenberg wrote:
> > It would be a really swell addition to the docs/examples section...
> It is primarily an example to use curl with SSL.
> A quick (not tested) example is attached.
> diff simplessl.c simplessl.c.old | less
And then a patch to something I have written...
> diff -u simplessl.c.old simplessl.c
--- simplessl.c.old Tue Dec 18 17:40:29 2001
+++ simplessl.c Tue Dec 18 17:41:18 2001
@@ -26,6 +26,8 @@
4. if you don't use a crypto engine:
4.1. set pKeyName to the file name of your client key
4.2. if the format of the key file is DER, set pKeyType to "DER"
+ 4.3. On systems without a random device you must load ramdom data
+ into the SSL subsystem.
!! verify of the server certificate is not implemented here !!
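Review bot: The added step 4.3 in the header comment misspells "random" as "ramdom", and unlike 4.1 and 4.2 it does not name the variable to set. Suggest wording it along the lines of "4.3. on systems without a random device, set pRandFile to a file of random data to load into the SSL subsystem", so a reader can connect the instruction to the pRandFile variable declared further down.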
@@ -42,15 +44,19 @@
const char *pKeyType;
const char *pEngine;
+ const char *pRandFile;
pKeyName = "rsa_test";
pKeyType = "ENG";
pEngine = "chil"; /* for nChiper HSM... */
+ pRandFile = NULL; /* we get the random data from crypto
pKeyName = "testkey.pem";
pKeyType = "PEM";
- pEngine = NULL;
+ pEngine = NULL; /* no crypto engine */
+ pRandFile = ".rnd"; /* if system has a random device (e.g.
+ this can be NULL */
const char *pPassphrase = NULL;
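Review bot: pRandFile = ".rnd" in the non-engine branch is a relative path, so which file seeds the SSL library depends on the directory the program is started from, and a seed file that another user can read or replace makes the seed predictable. Suggest stating in the comment that the path should point at a private file with real random content, for example an absolute path or one under the user's home directory. Also, in the lines as shown, the comment opened on the pRandFile = NULL line has no closing */ and the one on the pRandFile = ".rnd" line breaks off after "(e.g."; check that both are complete in the file.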
@@ -65,6 +71,8 @@
curl_easy_setopt(curl, CURLOPT_URL, "https://curl.haxx.se");
curl_easy_setopt(curl, CURLOPT_WRITEHEADER, headerfile);
+ if (pRandFile)
while(1) /* do some ugly short cut... */
if (pEngine) /* use crypto engine */
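Review bot: The added "if (pRandFile)" is followed directly by the unchanged "while(1)" line, and no added line shown here passes pRandFile to libcurl, although the hunk header counts two added lines. As shown, the condition would govern the loop, so the transfer would be skipped whenever pRandFile is NULL (the crypto engine case). The statement under the if should be the call that hands the file to libcurl (CURLOPT_RANDOM_FILE is the option for that), preferably in braces, with its return value checked so that a missing or unreadable seed file stops the program instead of letting the SSL connection start with an unseeded generator.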
Some systems (e.g. Solaris) don't have a random pool.
But SSL needs some random data, so we have to support a random file.
But only if we don't have a crypto module...
-- Goetz Babin-Ebell, TC TrustCenter AG, http://www.trustcenter.de Sonninstr. 24-28, 20097 Hamburg, Germany Tel.: +49-(0)40 80 80 26 -0, Fax: +49-(0)40 80 80 26 -126