William A. Rowe, Jr. wrote:
Also keep in mind, you end up tied to the MS keystore, and maintaining the data or designing the schema to access it will get, uhm, interesting. There is a good chance we would need an APR helper command for some of this. Not quite as easy as throwing a collection of key/cert files into a directory.
This is similar to NSS, which has a "crypto database" that you need to initialise it with at the start (either by calling apr_crypto's API directly, or by initialising it externally by running mod_nss or the Mozilla LDAP library initialisation).
:) For those interested in such things, also note that we (indirectly) have additional crypto in support of LDAP.
The Microsoft flavour of LDAP support for TLS/SSL in APR expects certs and keys to be available in the registry; I would imagine apr_crypto would ultimately need to do something similar.
Regards, Graham --
