Hi:
I'm working on a project where I want to involve hardware during the
SSL encryption/decryption phases with IIS4 and Apache.
This is no problem on Linux (God bless open-source), and probably
straightforward under IIS5/Win2K - because from what I understand the
Crypto32 API allows me to make myself a CSP (crypto service
provider). However I gather that IIS4 has no way to do this, short
of re-implementing SSL as an ISAPI filter placed above the IIS
filter.
Sooo... I can think of the following options:
1) Use the SSL2 & SSL3 specs and implement SSL myself with my
hardware hooks
2) Adapt OpenSSL to work with IIS and wrap it as an ISAPI
3) Give up and go home for once
Clearly my favorite option is 3). But it wasn't anybody else's
favorite. I actually started on 1), and felt pretty good about it
but looking at the volume of code in OpenSSL discourages me. So, I
looked at doing 2), but really didn't know where to start. Here are
issues I'd love ideas/encouragement/warnings on:
i) I can get raw SSL data from the IIS rathole. But what is the best
technique or sample program I could learn from to show me how to
initialize an OpenSSL instance, set up its rathole, stuff data down
its rathole, and react to it? That is, make OpenSSL an ISAPI filter.
ii) I assume I would need to find the keys/certs configured in IIS
from wherever IIS buries them and put them into OpenSSL. Yet I see
lots of posts on Certificate incompatibility. How would I do this,
and is it a low-success rate proposition?
iii) Have I made any wrong assumptions blinding me to a much more
straightforward solution? I really don't want to re-invent the SSL
wheel, just speed up the math!
Thanks so much in advance,
--matt walsh
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]