This has been done once by C2Net, using SSLEAY the predecessor to OpenSSL,
you might try contacting them to see if its still sold / supported.
----- Original Message -----
From: Matt Walsh <[EMAIL PROTECTED]>
To: SSL List <[EMAIL PROTECTED]>
Sent: Thursday, July 27, 2000 2:16 PM
Subject: OpenSSL as IIS Isapi filter?
> Hi:
>
> I'm working on a project where I want to involve hardware during the
> SSL encryption/decryption phases with IIS4 and Apache.
>
> This is no problem on Linux (God bless open-source), and probably
> straightforward under IIS5/Win2K - because from what I understand the
> Crypto32 API allows me to make myself a CSP (crypto service
> provider). However I gather that IIS4 has no way to do this, short
> of re-implementing SSL as an ISAPI filter placed above the IIS
> filter.
>
> Sooo..I can think of the following options:
>
> 1) Use the SSL2 & SSL3 specs and implement SSL myself with my
> hardware hooks
> 2) Adapt OpenSSL to work with IIS and wrap it as an ISAPI
> 3) Give up and go home for once
>
> Clearly my favorite option is 3). But it wasn't anybody else's
> favorite. I actually started on 1), and felt pretty good about it
> but looking at the volume of code in OpenSSL discourages me. So, I
> looked at doing 2), but really didn't know where to start. Here are
> issues I'd love ideas/encouragement/warnings on:
>
> i) I can get raw SSL data from the IIS rathole. But what is the best
> technique or sample program I could learn from to show me how to
> initialize an OpenSSL instance, set up its rathole, stuff data down
> its rathole, and react to it. That is, make OpenSSL an ISAPI filter.
>
> ii) I assume I would need to find the keys/certs configured in IIS
> from wherever IIS buries them and put them into OpenSSL. Yet I see
> lots of posts on Certificate incompatibility. How would I do this,
> and is it a low-success rate proposition?
>
> iii) Have I made any wrong assumptions blinding me from a much more
> straightforward solution? I really don't want to re-invent the SSL
> wheel, just speed up the math!
>
> Thanks so much in advance,
>
> --matt walsh
>
> __________________________________________________
> Do You Yahoo!?
> Get Yahoo! Mail - Free email you can access from anywhere!
> http://mail.yahoo.com/
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> Development Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
smime.p7s
