On 02 Feb 2012, at 4:13 PM, Dr Stephen Henson wrote:

> So my thoughts are that this concept could be generalised.
> 
> A simple answer is to add new string setting options. For example:
> 
> int SSL_CTX_set_options_string(SSL_CTX *ctx, const char *str);
> 
> This works for existing simple configuration but a new string (for example TLS
> 1.2 supported signature algorithms) might be added in the future so then we're
> back to having to explicitly add support to all applications for each new
> string configuration option.

This came up during the design of the apr_crypto interface, which also required 
hard coded constants originally.

What we ended up with is a string modeled on the argv string (i.e. whitespace-
separated tokens, with support for quoting). The reason for this was that some
crypto backends (Mozilla NSS primarily) required support for filesystem paths,
which meant spaces, which meant quoting:

crypto_make():

https://svn.apache.org/repos/asf/apr/apr/trunk/crypto/apr_crypto_openssl.c

Regards,
Graham
--
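
An added example, not part of the original message and not APR's or OpenSSL's code: a minimal argv-style tokenizer of the kind described above, showing how quoting lets a filesystem path with spaces survive as one token and how malformed input is rejected rather than half-applied. The function name config_tokenize and the sample configuration string are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
/* Hypothetical helper: split buf in place into argv-style tokens. Whitespace
 * separates tokens, quotes group text containing spaces, and a backslash
 * outside single quotes makes the next character literal. Returns the count,
 * or -1 on an unterminated quote, trailing backslash, or more than max tokens. */
int config_tokenize(char *buf, char **argv, int max)
{
    int argc = 0;
    char *r = buf;                          /* read cursor */
    for (;;) {
        while (isspace((unsigned char)*r)) r++;
        if (*r == '\0') return argc;
        if (argc == max) return -1;         /* too many tokens: fail closed */
        char *w = r;                        /* write cursor, never ahead of r */
        char quote = 0;
        argv[argc++] = w;
        for (;;) {
            char c = *r++;
            if (c == '\0') {
                if (quote) return -1;       /* unterminated quote */
                *w = '\0';
                return argc;
            }
            if (c == '\\' && quote != '\'') {
                if (*r == '\0') return -1;  /* nothing left to escape */
                *w++ = *r++;
            } else if (quote) {
                if (c == quote) quote = 0; else *w++ = c;
            } else if (c == '"' || c == '\'') {
                quote = c;
            } else if (isspace((unsigned char)c)) {
                *w = '\0';
                break;
            } else {
                *w++ = c;
            }
        }
    }
}

int main(void)
{
    char cfg[] = "driver=nss dir=\"/var/lib/my app/certdb\" debug"; /* constructed */
    char *av[8];
    for (int i = 0, n = config_tokenize(cfg, av, 8); i < n; i++) puts(av[i]);
    return 0;
}
```

Returning an error for an unterminated quote matters for security settings: a string cut short in a config file should not silently yield a different path or option set.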
