curl-library

Re: CURLOPT_SSLKEYTYPE in DER format

From: Václav Zeman <vhaisman_at_gmail.com>
Date: Mon, 2 Sep 2013 17:04:47 +0200

On 2 September 2013 16:09, Daniel Stenberg wrote:
> On Mon, 2 Sep 2013, Václav Zeman wrote:
>
>> I am reading the curl_easy_setopt() documentation and I am reading this
>> for CURLOPT_SSLKEYTYPE:
>>
>>> ..."DER" format key file currently does not work because of a bug in
>>> OpenSSL.
>>
>>
>> Is this still true? What version of OpenSSL does it include? All of
>> them? Is there an official OpenSSL bug report for this issue?
>
>
> I don't know if this is still true and I don't know if it ever was an
> OpenSSL issue filed. Feel free to dig into the issue and let us know what
> you find! I suspect it hasn't been scrutinized in detail by very many
> people...
>
> The source of that information is this:
> http://curl.haxx.se/mail/lib-2004-05/0139.html and it was added to the
> documentation in git commit 23a43c6e.

Alright, I have done some digging and it appears that the missing
functionality has been implemented in later releases of OpenSSL. Here
is a quote from OpenSSL 0.9.8y source package's CHANGES file:

Changes between 0.9.7h and 0.9.8 [05 Jul 2005]
...
  *) Add support for DER encoded private keys (SSL_FILETYPE_ASN1)
     to SSL_CTX_use_PrivateKey_file() and SSL_use_PrivateKey_file()
     [Walter Goulet]

Here is a link to what appears to be the commit that implemented the
above: <http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=dc0ed30cfeb37d64fc2bd26887b19e0898a96bde>

I have not done any actual testing, though.

-- 
VZ
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Received on 2013-09-02
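
A pre-flight check for the option discussed in this thread, as an added example that is not part of the original mail or of curl: it inspects a key file's outer encoding and returns the string to pass as CURLOPT_SSLKEYTYPE. The function name guess_sslkeytype is hypothetical, and the check covers only the PEM armor line or the outer DER SEQUENCE header, not the key material itself.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not a libcurl API): returns "PEM" or "DER" for use as
 * the CURLOPT_SSLKEYTYPE value, or NULL if the buffer is neither. */
const char *guess_sslkeytype(const unsigned char *buf, size_t len)
{
    static const char pem_tag[] = "-----BEGIN ";
    size_t i = 0, body = 0, nlen;

    /* PEM: armor line, possibly after leading whitespace */
    while (i < len && (buf[i] == ' ' || buf[i] == '\t' || buf[i] == '\r' || buf[i] == '\n'))
        i++;
    if (len - i >= sizeof(pem_tag) - 1 && memcmp(buf + i, pem_tag, sizeof(pem_tag) - 1) == 0)
        return "PEM";

    /* DER: PKCS#1, PKCS#8 and SEC1 private keys all start with a SEQUENCE (0x30) */
    if (len < 2 || buf[0] != 0x30)
        return NULL;
    if (buf[1] < 0x80) {            /* short-form length */
        body = buf[1];
        i = 2;
    } else {
        nlen = buf[1] & 0x7f;       /* long form: count of length octets */
        if (nlen == 0 || nlen > sizeof(size_t) || len < 2 + nlen)
            return NULL;            /* indefinite length is not DER */
        for (i = 2; i < 2 + nlen; i++)
            body = (body << 8) | buf[i];
    }
    /* header + body must span the whole file: rejects truncated or padded input */
    return (body == len - i) ? "DER" : NULL;
}

int main(int argc, char **argv)
{
    unsigned char buf[16384];       /* larger files fail the DER length check */
    size_t n;
    const char *type;
    FILE *f = argc > 1 ? fopen(argv[1], "rb") : NULL;

    if (!f) { fputs("usage: prog keyfile\n", stderr); return 2; }
    n = fread(buf, 1, sizeof(buf), f);
    fclose(f);
    type = guess_sslkeytype(buf, n);
    /* on success: curl_easy_setopt(curl, CURLOPT_SSLKEYTYPE, type); */
    printf("%s\n", type ? type : "unrecognized");
    return type ? 0 : 1;
}
```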