[OpenCA-Devel] nCipher module OpenSSL dynamic engine support

Martin Bartosch Tue, 10 May 2005 08:37:13 -0700

Hi,

just for your information, I just checked in an updated nCipher Token
module that can access OpenSSL via dynamic engine support.
(OpenSSL 0.9.8 will remove static engine support, so for future
versions of OpenSSL this will be the way to go. One of the reasons
to use the new version might be issuance of Domain Controller
certificates.)


The updated module will work exactly as before, in particular if
you are using OpenSSL 0.9.7 with your nCipher module, there is
no noticable change at all.

However, if the dynamic engine location is specified in the token config
file, the module will automatically switch to dynamic engine mode.

The only mandatory option is:

...
<option>
  <name>PRE_ENGINE</name>
  <value>SO_PATH:/usr/local/openssl-snap/lib/engines/libncipher.so</value>
</option>
...

Here you have to configure the location of the dynamic engine as
distributed by OpenSSL.

The following PRE_ENGINE options are added implicitly if not configured
in the token config:

ID:chil, LIST_ADD:1, LOAD THREAD_LOCKING:1

Each of these can be overridden by specifying a corresponding PRE_ENGINE
stance.

cheers

Martin



-------------------------------------------------------
This SF.Net email is sponsored by Oracle Space Sweepstakes
Want to be the first software developer in space?
Enter now for the Oracle Space Sweepstakes!
http://ads.osdn.com/?ad_ids93&alloc_id281&op=click
_______________________________________________
OpenCA-Devel mailing list
OpenCA-Devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-devel

[OpenCA-Devel] nCipher module OpenSSL dynamic engine support

Reply via email to