<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">Thanks for your pointers.<br>
<br>
I searched a bit further and noticed the existence of a STORE
method and the associated (un)register functions with an engine.
Looking at its API, it looks like it provides the key and
certificate loading function signatures that I need. Therefore, I
was considering implementing (a subset of) the STORE method
functions in my engine.<br>
<br>
From the <a
href="https://github.com/openssl/openssl/blob/master/crypto/store/README">README
in crypto/store in master</a>, I conclude that future versions
will provide X509_STORE as a default implementation for the store
as well. Therefore, this seems the right approach in the long run.
I am currently using a 1.0.1 version.<br>
<br>
However, I could not find any example of any engine implementing a
store. There do not seem to be any tests either. Can you/someone
confirm that implementing (a subset of) a store in my engine is a
valid approach at the moment (and in the future)?<br>
<br>
Thanks,<br>
Reinier<br>
<br>
On 8/6/15 8:06 PM, Dr. Stephen Henson wrote:<br>
</div>
<blockquote cite="mid:20150806230618.GA26266@openssl.org"
type="cite">
<pre wrap="">On Thu, Aug 06, 2015, Reinier Torenbeek wrote:
</pre>
<blockquote type="cite">
<pre wrap="">I am interested in leveraging the following three functions:
ENGINE_load_private_key()
ENGINE_load_public_key()
ENGINE_load_certificate()
Unfortunately, the latter is missing. This was mentioned in a recent
thread on this list as well (see
<a class="moz-txt-link-freetext" href="http://www.mail-archive.com/openssl-users@openssl.org/msg77566.html">http://www.mail-archive.com/openssl-users@openssl.org/msg77566.html</a>). Is
it planned for any future release?
</pre>
</blockquote>
<pre wrap="">
At some point yes but it's quite complex deciding what the parameters should
be: e.g. to lookup certificates matching one or more criteria.
</pre>
<blockquote type="cite">
<pre wrap="">The former two functions are present though and I was looking for their
EVP-level counterparts to access them in the proper way. Apparently,
those do not exist either. Previously, I was under the impression that
the EVP API exposes all engine-implemented functions. Are these
EVP_load_xxx functions missing from EVP because they are "todo in a
future release" or are they omitted by design?
</pre>
</blockquote>
<pre wrap="">
The ENGINE_load*key functions return an EVP_PKEY structure which can be
used by EVP directly.
There are other functions which can load an EVP_PKEY structure too like the
PEM and PKCS12 functions.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: <a class="moz-txt-link-freetext" href="http://www.openssl.org">http://www.openssl.org</a>
</pre>
</blockquote>
<br>
</body>
</html>