[openssl-dev] [RFC 1/2] engine: add new flag based method for loading engine keys
Roumen Petrov
openssl at roumenpetrov.info
Thu Nov 17 07:33:11 UTC 2016
David Woodhouse wrote:
>> The assumption in all the current engine code is that key_id can be
>> passed as something like a file name.
This is mostly a documentation issue.
Usually OpenSSL man pages use filename for <KEY>, but actually it is
just a string and engine is responsible how to process
>> There are some new users that
>> actually want to pass a BIO, so add a new load_key method for engines
>> that takes a flag value.
Engine could use some URN formats for <KEY>. For instance, if <KEY>
starts with file:/ the engine could try to load from the filesystem.
>> The first defined flag is
>> ENGINE_LOAD_KEY_FLAG_BIO which means that the key_id is actually a bio
>> pointer.
I'm not sure that it is a good idea to pass pointers between loadable
modules. It could be used if there is no alternative. In this case a URN
format for <KEY> could inform the engine how to load the key.
[SNIP]
Regards,
Roumen Petrov
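
Added example, not part of the original message and not OpenSSL or engine code: one way an engine could classify the <KEY> string by its URN/URI scheme before deciding how to load it, so no pointer has to cross the module boundary. The enum, the function names and the pkcs11: scheme are assumptions for illustration; only the file:/ prefix comes from the message.

```c
#include <stddef.h>
#include <string.h>
#include <strings.h>

/* Hypothetical source kinds for an engine; these are not OpenSSL names. */
enum key_source { KEY_SRC_INVALID, KEY_SRC_OPAQUE, KEY_SRC_FILE,
                  KEY_SRC_PKCS11, KEY_SRC_UNKNOWN_SCHEME };

static int is_alpha(char c)
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z');
}

/* Length of a leading RFC 3986 scheme (text before ':'), or 0 if none. */
static size_t scheme_len(const char *s)
{
    size_t i;
    if (!is_alpha(s[0]))
        return 0;
    for (i = 1; s[i] != '\0'; i++) {
        char c = s[i];
        if (c == ':')
            return i;
        if (!is_alpha(c) && !(c >= '0' && c <= '9') &&
            c != '+' && c != '-' && c != '.')
            return 0;
    }
    return 0;
}

/* Classify key_id. *rest is set to the text after "scheme:", or to
 * key_id itself when the string is treated as an opaque engine id. */
enum key_source classify_key_id(const char *key_id, const char **rest)
{
    size_t n;
    if (key_id == NULL || rest == NULL || key_id[0] == '\0')
        return KEY_SRC_INVALID;
    *rest = key_id;
    n = scheme_len(key_id);
    if (n <= 1)               /* no scheme, or a drive letter such as C:\ */
        return KEY_SRC_OPAQUE;
    *rest = key_id + n + 1;
    if (n == 4 && strncasecmp(key_id, "file", 4) == 0)
        return (*rest)[0] == '/' ? KEY_SRC_FILE : KEY_SRC_INVALID;
    if (n == 6 && strncasecmp(key_id, "pkcs11", 6) == 0)
        return KEY_SRC_PKCS11;    /* assumed scheme, not from the message */
    /* Fail closed: an unrecognised scheme is never opened as a file name. */
    return KEY_SRC_UNKNOWN_SCHEME;
}
```

Strings without a scheme stay opaque, which matches the existing behaviour where the engine alone decides how to interpret <KEY>.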