I sent a message to the request tracker on 24 April. Normally I expect a
request number to be assigned and a copy of the email (with attachments
stripped) to be forwarded to openssl-dev. None of that has happened yet.
Nothing bounced back to me. I assume that people are waiting for a
number to be assigned before replying, so that it will be archived
properly in rt. A copy of the message follows (I had cc'd to
openssl-dev).

Doug

On Sun, 24 Apr 2005, Doug Kaufman wrote:
> Date: Sun, 24 Apr 2005 15:08:14 -0700 (PDT)
> From: Doug Kaufman <[EMAIL PROTECTED]>
> Reply-To: [email protected]
> To: [EMAIL PROTECTED]
> Cc: [email protected]
> Subject: SSL_CTX_set_default_paths
>
> There doesn't seem to be any documentation in the .pod files of the
> "SSL_CTX_set_default_paths" function or of the environment variables
> "SSL_CERT_FILE" and "SSL_CERT_DIR" which can change the value it
> returns. This came up recently in discussion on the wget list. The
> "wget" file retriever does not use the defaults (instead specifying
> the location of the trusted certificate each time on the command
> line), and the developers were not familiar with this function to
> set the default paths. Is the lack of documentation an oversight (or
> on the "to-do" list), or is use of the default paths deprecated?
> There was some hesitancy on the wget list to use an openssl function
> that doesn't seem to have documentation. This has affected other
> applications also. The "curl" file retriever sets its own default
> locations (also related to the developers having been unfamiliar with
> the function when its ssl code was written). The "lynx" browser does
> use "SSL_CTX_set_default_paths". I am not sure what other applications
> which link to the openssl library do.
>
> Can anyone comment on the status of "SSL_CTX_set_default_paths"
> and the associated functions (X509_STORE_set_default_paths,
> X509_LOOKUP_file, X509_LOOKUP_hash_dir, by_file_ctrl,
> X509_get_default_file_cert_env, X509_get_default_cert_dir_env and
> dir_ctrl)?
>
> Also, the function "dir_ctrl" in crypto/x509/by_dir.c looks wrong to
> me. Shouldn't it be checking for the environment variable first, then
> getting the default if no environment variable is specified (the way
> by_file_ctrl does in crypto/x509/by_file.c)? Sorry if I am misreading
> what that function is doing. The code looks the same in 0.9.7 and
> 0.9.8.
> Doug
>
>
--
Doug Kaufman
Internet: [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
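
The following is an added example, not part of the original message or of OpenSSL's own code. It uses Python's `ssl` module to report the compiled-in default trust locations, the environment variables that can override them ("SSL_CERT_FILE" and "SSL_CERT_DIR", as named in the message), and which one currently wins. It assumes a Python build linked against OpenSSL; the helper names `effective_trust_paths` and `environment_overrides` are hypothetical.

```python
import os
import ssl


def effective_trust_paths(environ=None):
    """Return one record per default trust location (CA file, CA directory).

    Each record names the environment variable that can override the
    location, the compiled-in default, the path that wins, and whether
    that path exists on disk.
    """
    environ = os.environ if environ is None else environ
    # The linked OpenSSL reports both the default paths and the env var names.
    paths = ssl.get_default_verify_paths()
    candidates = (
        ("cafile", paths.openssl_cafile_env, paths.openssl_cafile, os.path.isfile),
        ("capath", paths.openssl_capath_env, paths.openssl_capath, os.path.isdir),
    )
    report = {}
    for kind, env_name, builtin, exists in candidates:
        # A set variable takes the place of the compiled-in default.
        overridden = env_name in environ
        chosen = environ[env_name] if overridden else builtin
        report[kind] = {
            "env_var": env_name,
            "compiled_default": builtin,
            "effective": chosen,
            "from_environment": overridden,
            "exists": exists(chosen),
        }
    return report


def environment_overrides(report):
    """List the locations whose trust anchors are chosen by the environment."""
    return sorted(kind for kind, rec in report.items() if rec["from_environment"])


if __name__ == "__main__":
    for kind, rec in effective_trust_paths().items():
        source = rec["env_var"] if rec["from_environment"] else "compiled default"
        print(f"{kind}: {rec['effective']} (from {source}, exists={rec['exists']})")
```

A non-empty result from `environment_overrides` on a service host means the process environment, not the library build, decides which CA certificates are trusted by applications that rely on the default paths.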