curl-library

Re: Custom OpenSSL crypto engine not known to cURL

From: Petr Pisar <petr.pisar_at_atlas.cz>
Date: Thu, 11 Mar 2010 10:19:48 +0100

On Thu, Mar 11, 2010 at 03:29:07AM +0100, Guenter wrote:
> Hi, Petr Pisar wrote:
> > On Wed, Mar 10, 2010 at 08:41:35PM +0100, Guenter wrote:
> >> Petr Pisar wrote:
> >>> OPENSSL_CONF is the same hack as SSL_DIR for NSS crypto backend. When
> >>> I wrote my application, I thought CURLOPT_CAPATH should carry NSS
> >>> database path instead of setting SSL_DIR. It's a little confusing.
> >> SSL_DIR is not a hack by us here, but is already used inside NSS itself
> >> - though badly documented ...
> >>
> > Really? If I look into curl, I can see you pass the variable value into
> > NSS_Initialize() only and you do not use it anywhere else. If the variable
> > is not defined you just pass some default string and you _don't_ export it
> > for the sake of NSS.
> >
> > If I grep NSS, the only places presenting SSL_DIR are inside testing code,
> > not in the library itself.
> http://curl.haxx.se/mail/lib-2009-09/0321.html
>
Exactly as Kamil Dudek said

> SSL_DIR is sort of standard

Question is whether it's an upcoming or a leaving standard, because all three tools
(dbtest, remtest, tstclnt) are not installed by nss by default.

I tracked the SSL_DIR data and it is used only as a fall-back for undefined -d
(database directory) argument. Thus it has exactly the same purpose as
OPENSSL_CNF variable (OpenSSL tools have -config option and OPENSSL_CNF as
a second resolution).

Frankly, I'm not against a new curl(1/3) option instead of or next to the environment
variable. I just think it's the simplest and, in the OpenSSL world, a well-accepted
solution.

-- Petr

Received on 2010-03-11