William A. Rowe, Jr. wrote:

Also keep in mind, you end up tied to the MS keystore, and maintaining the
data or designing the schema to access it will get, uhm, interesting.  There
is a good chance we would need an APR helper command for some of this.  Not
quite as easy as throwing a collection of key/cert files into a directory.

This is similar to NSS, which has a "crypto database" that you need to initialise it with at the start (either by calling apr_crypto's API directly, or by initialising it externally by running mod_nss or the Mozilla LDAP library initialisation).

:)  For those interested in such things, also note that we (indirectly) have
additional crypto in support of LDAP.

The Microsoft flavour of LDAP support for TLS/SSL in APR expects certs and keys to be available in the registry; I would imagine apr_crypto would ultimately need to do something similar.

Regards,
Graham
--
