OSSL_STORE_open(): how are multiple types of objects handled?
Graham Leggett
minfrin at sharp.fm
Tue Dec 19 12:38:05 UTC 2023
Hi all,
The OSSL_STORE_open() describes how keys/certs/crls can be loaded from an URL, which makes sense as a concept, but there are some details I am missing.
Can one URL point at multiple types of objects at once?
For example, is it possible to point at a file:// URL containing multiple objects, for example a leaf cert, intermediates and a CA cert, and expect this to work?
For pkcs11 URLs, I am imagining you would need to call OSSL_STORE_open() over and over again, once for each object, the cert, the intermediate(s), the key. Is this true?
How are CA certificates handled? Is this based on the passing of TRUSTED CERTIFICATEs, or some other mechanism?
Regards,
Graham
—
More information about the openssl-users
mailing list