<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<br>
<div class="moz-cite-prefix">On 12/26/2017 14:07, Kurt Roeckx wrote:<br>
</div>
<blockquote type="cite" cite="mid:20171226200729.GA16584@roeckx.be">
<pre wrap="">On Tue, Dec 26, 2017 at 01:42:57PM -0600, Karl Denninger wrote:
</pre>
<blockquote type="cite">
<pre wrap="">
On 12/26/2017 13:14, Salz, Rich via openssl-users wrote:
</pre>
<blockquote type="cite">
<pre wrap="">
So if you put locks around the SSL_CTX object when it’s used, then you
can use the set private key call to update the key; and then all
SSL_new objects afterwards will use the new credentials. Does that
meet your need?
</pre>
</blockquote>
<pre wrap="">Yes, that I already know how to do. The issue is how to get the key
from a PEM file into a format that I can feed it with set private key.
There doesn't appear to be a means to "un-file-ify" the set private key
functions.
</pre>
</blockquote>
<pre wrap="">
You can use the d2i_PrivateKey and i2d_PrivateKey functions to read
and write the file.
</pre>
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">"is there a decent way to convert a PEM or DER private key file into
</pre>
</blockquote>
<pre wrap="">ASN.1" using OpenSSL calls (from a "C" program, not from the command
line; we'll assume I have the key and cert files already.)
I assume you mean “native C structure” and not ASN1? Because DER is
just the ASN1 serialized, and PEM is base64 encoded DER with marker
lines. …
</pre>
</blockquote>
<pre wrap="">So if I take a PEM private key file, strip the markers, and turn the
actual key's base64 into binary (assuming an RSA key, so there's no "EC
parameter" block in front) I now have an "opaque" unsigned character
array of length "len" (the decoded Base64) which
SSL_CTX_use_privateKey_ASN1 will accept? (Assuming the key file is
unencrypted, of course.)
What is the parameter "pk" passed to the call in that instance (it's not
in the man page)
</pre>
</blockquote>
<pre wrap="">
From the manpage:
SSL_CTX_use_PrivateKey_ASN1() adds the private key of type _pk_
So you would need to know that it's an RSA or EC key. If you used
d2i_AutoPrivateKey you don't need to know the type and get an
EVP_PKEY.
Kurt</pre>
</blockquote>
Thanks - I suspect I have enough to get things rolling :-)
<br>
<div class="moz-signature">-- <br>
Karl Denninger<br>
<a href="mailto:karl@denninger.net">karl@denninger.net</a><br>
<i>The Market Ticker</i><br>
<font size="-2"><i>[S/MIME encrypted email preferred]</i></font>
</div>
</body>
</html>