Hi, I already wrote about my efforts to support nCipher HSM for OpenCA. Currently I am trying to write my own OpenCA::Token::nCipher module that accesses nCipher hardware.
While doing so I encountered a problem: OpenCA::OpenSSL does not support a wrapper executable for OpenSSH. This is required for using OpenSSL with the HSM (see my other mail).

Invocation example:

    /opt/HSM/bin/somewrapper /usr/local/ssh/bin/openssl <arguments>

It *could* be possible to specify wrapper and openssl executable together as SHELL, but the current implementation of OpenCA::OpenSSL checks for existence of the OpenSSL binary, causing an error because the file "/opt/HSM/bin/somewrapper /usr/local/ssh/bin/openssl" obviously does not exist.

So in order to support the nCipher module something has to be done here. I see two options:

a) extend OpenCA::OpenSSL to accept a wrapper executable by using a new configuration variable, e.g. "WRAPPER" or "PRELOAD", that is simply put in front of the OpenSSL command invocation

b) modify OpenCA::OpenSSL to accept the wrapper executable as part of the OpenSSL path by modifying the -e check at the end of the OpenCA::OpenSSL::new constructor.

I would really prefer a) because b) is more like a dirty hack. What do you think in terms of integration into the software?

Martin

_______________________________________________
OpenCA-Devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-devel
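
Option a) from the mail above, sketched as an added example (not OpenCA code and not part of the original message): the wrapper and the openssl binary are validated separately and the command is built as an argument list, so no combined string ever reaches a file test or a shell. The package `Sketch::OpenSSL` and its methods are hypothetical, `WRAPPER` is the key name the mail proposes, and the demo uses the running perl and `/usr/bin/env` as stand-ins for openssl and the HSM wrapper.

```perl
use strict;
use warnings;

# Hypothetical stand-in for the constructor check, not OpenCA::OpenSSL itself.
package Sketch::OpenSSL;

sub new {
    my ($class, %args) = @_;
    my $self = bless {
        shell   => $args{SHELL},      # path to the openssl binary
        wrapper => $args{WRAPPER},    # optional; key name assumed from option a)
    }, $class;

    # Test each executable on its own, so a configured wrapper never
    # becomes part of the path handed to the file test.
    for my $key (qw(shell wrapper)) {
        my $path = $self->{$key};
        next if $key eq 'wrapper' and not defined $path;
        die "$key not set\n" unless defined $path and length $path;
        die "$key '$path' is not an executable file\n" unless -f $path and -x _;
    }
    return $self;
}

# Wrapper first (if configured), then openssl, then its arguments.
sub command {
    my ($self, @openssl_args) = @_;
    my @cmd = defined $self->{wrapper} ? ($self->{wrapper}) : ();
    return (@cmd, $self->{shell}, @openssl_args);
}

sub run {
    my ($self, @openssl_args) = @_;
    my @cmd = $self->command(@openssl_args);
    # List form of system() bypasses /bin/sh, so no argument is re-parsed.
    system { $cmd[0] } @cmd;
    return $? >> 8;
}

package main;

# Constructed demo: $^X (the running perl) plays the openssl binary and
# /usr/bin/env plays the HSM wrapper, so this runs without an HSM.
my $wrapped = Sketch::OpenSSL->new(SHELL => $^X, WRAPPER => '/usr/bin/env');
print join(' ', $wrapped->command('-e', '1')), "\n";
print "exit: ", $wrapped->run('-e', 'exit 0'), "\n";

# The combined string from the mail fails the file test, as described.
my $combined = eval { Sketch::OpenSSL->new(SHELL => "/usr/bin/env $^X") };
print "combined path rejected: $@" unless $combined;
```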