[openssl-dev] OpenSSL and certain PEM formats
Salz, Rich
rsalz at akamai.com
Wed Dec 17 16:34:13 UTC 2014
> > I am putting the finishing touches on an Internet-Draft for textual
> > encodings of security structures
> > <http://tools.ietf.org/html/draft-josefsson-pkix-textual-09>, which
> > OpenSSL refers to as the "PEM format".
Cool. You know why it's called PEM format, right? (RFC 1115 et al)
> > #define PEM_STRING_X509_PAIR "CERTIFICATE PAIR"
> > (note, this is supposed to encapsulate a CertificatePair structure
> > from X.509)
This is not used anywhere in openssl. I just removed it and did a build :) The fact that the fields are named forward and backward, makes me think it was intended for SSL/TLS use. But as I said it's not used and I'll remove it soon.
> > #define PEM_STRING_SSL_SESSION "SSL SESSION PARAMETERS"
As Kurt said, this is for internal use only, no guarantee it works across any two revisions.
> > #define PEM_STRING_PARAMETERS "PARAMETERS"
> > (note, this label does not have any algorithms in it, so I presume
> > it refers to some kind of generic parameter structure)
It's used to encode arbitrary parameters for ENGINE, which is OpenSSL's crypto-hardware abstraction.
More information about the openssl-dev
mailing list