Richard Levitte - VMS Whacker wrote:
>
> From: Dr S N Henson <[EMAIL PROTECTED]>
>
> stephen.henson> Is there some specific reason why the API should
> stephen.henson> return a "key" at all and not just the certificate (or
> stephen.henson> whatever) it corresponds to?
>
> You might want to store keys alone for different reasons. Let's
> remember that OpenSSL isn't just used by SSL and X.509 applications.
>
> I see this a little like hardware-protected keys, they are also just
> keys with no specific certificate tied to them.
>

When I said "key" I didn't mean a private key. It would be a requirement
of the API that private keys, certificates, CRLs and maybe other things
like opaque data objects, attribute certificates etc. could be stored.

My comment was to a "database key" and that "findbyX" might return some
kind of opaque reference to a database key. What I was saying was that
some implementations might not have an equivalent to a "database key"
and would have to fake one.

Also, if all you can do with the key is look up the object it corresponds
to then findbyX might as well return the object directly and have the
key lookup in the plugin implementation and not at the API level.

Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Gemplus: http://www.gemplus.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.

______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]