Hi Michael,

>> This always expands to "-engine chil -keyform engine" in all
>> OpenSSL commands that are using private keys, breaking most of
>> the Perl module's member functions.
>> (LunaCA3 even uses an -enginearg parameter. Does this really work?)
>
> Chrysalis-ITS (now SafeNet) does not only publish an engine. They publish
> a completely patched OpenSSL. Therefore they can use other parameters.

OK I see, so we need no special handling for this.

> - we should remove "-keyform engine" from the ENGINE argument and implement
>   an automatic detection for an engine in the functions
>   $cmd .= " -keyform engine" if ($self->{ENGINE});
>   This we can add to the three relevant commands and we do not have to extend
>   the interface
>
> What do you think about this third option, Martin?

Sounds good, I'm completely with you...

Two more minor issues:

First (this may be a SuSE packaging problem), the sample token.xml file
references the openca-sv in /usr/local/openca-0.9.2/bin, whereas the
RPM installs the binary to /usr/local/bin. I needed to modify this
manually in token.xml.
Second, the openca-sv also needs the -engine parameter. I worked around
it by specifying the required '-engine chil' argument in token.xml.
Not pretty but works. Is this the way to go?

Martin



_______________________________________________
OpenCA-Devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-devel
