[openssl-dev] STORE, the continued story

Richard Levitte levitte at openssl.org
Tue Feb 21 13:49:25 UTC 2017


Hi,

last time I talked about the STORE effort, it was about search for
specific data.  I believe that this PR covers quite a lot of what is
desired, and is designed to be easily extensible:

https://github.com/openssl/openssl/pull/2688
(it's built on top of PRs #2011 and #1961, making it look quite huge).

As a proof of concept, I had a closer look at X509_LOOKUP_METHODs and
came up with two integrations with STORE, one being lightweight (or
cowardly), the other being a bit more radical.

lightweight: https://github.com/openssl/openssl/pull/2696
radical:     https://github.com/openssl/openssl/pull/2697

These two PRs have not been built on top of the URI and STORE PRs, for
demonstration purposes.  To make them work, they need to be merged on
top of PR #2688.
Note: they currently only take straight file / directory specs, no
URIs.  The change to full-blown URI processing isn't very hard but
needs a bit more testing.

At this point, it's high time for comments in the PRs, and reviews
(especially by team members)...  so far, there's been very little of
that.

Also, it's high time to start playing with engines and see how
integration with the STORE API works out.  The TPM engine would be
interesting, and so would the PKCS#11 one.  Also, if there's an LDAP
engine to adapt, that would be an interesting project as well.

Cheers,
Richard

-- 
Richard Levitte         levitte at openssl.org
OpenSSL Project         http://www.openssl.org/~levitte/

