>> Yes, I'm trying to update my code that creates PostgreSQL data types and
>> functions using OpenSSL. Some of the advanced functions (e.g., rekeying
>> a PKCS8 object) require that the user pass in things like digest names,
>> but my interface doesn't yet support a way of learning what those
>> possible values are.
>
> Well, not all ciphers or digests are appropriate. Using 40-bit RC2, for
> example, encrypting private keys.

I know, and I wonder how much flexibility is warranted when one of the
primary audiences for a (still hypothetical) public release is people who
need to use certs/keys/keystores/etc but don't really understand the
issues well enough to do it safely for themselves.  Unfortunately the
other target is people who really do understand the issues and don't want
to have their hands tied.

I'm increasingly thinking that the solution is in the stored procedures,
with sane defaults/examples.

Bear

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
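
One way to put "sane defaults in the stored procedures" into practice, as an added example that is not part of the original message or the poster's code: a policy table that lets callers list the accepted names, plus a checker that falls back to a safe default and refuses weak algorithms unless the caller explicitly opts in. The table, the function names, and the choice of which algorithms are marked safe are assumptions made for illustration.

```sql
-- Constructed policy data; the names follow OpenSSL's algorithm naming.
CREATE TABLE algo_policy (
    kind  text    NOT NULL CHECK (kind IN ('cipher', 'digest')),
    name  text    NOT NULL,
    safe  boolean NOT NULL,            -- false: reachable only with the expert flag
    PRIMARY KEY (kind, name)
);
INSERT INTO algo_policy VALUES
    ('digest', 'sha256',      true),
    ('digest', 'sha512',      true),
    ('digest', 'md5',         false),  -- illustrative policy choice
    ('cipher', 'aes-256-cbc', true),
    ('cipher', 'rc2-40-cbc',  false);  -- the 40-bit RC2 case raised in the thread

-- Discovery: which names may a caller pass for this kind of algorithm?
CREATE FUNCTION algo_names(p_kind text, p_expert boolean DEFAULT false)
RETURNS SETOF text LANGUAGE sql STABLE AS $$
    SELECT name FROM algo_policy
    WHERE kind = p_kind AND (safe OR p_expert)
    ORDER BY name;
$$;

-- Validation: normalise the requested name, apply the default, enforce policy.
CREATE FUNCTION algo_check(p_kind text, p_name text DEFAULT NULL,
                           p_expert boolean DEFAULT false)
RETURNS text LANGUAGE plpgsql STABLE AS $$
DECLARE
    v_name text := lower(btrim(coalesce(p_name,
        CASE p_kind WHEN 'digest' THEN 'sha256' ELSE 'aes-256-cbc' END)));
    v_safe boolean;
BEGIN
    SELECT safe INTO v_safe FROM algo_policy
    WHERE kind = p_kind AND name = v_name;
    IF NOT FOUND THEN
        RAISE EXCEPTION 'unknown % "%"', p_kind, v_name
            USING HINT = 'algo_names() lists the accepted values';
    ELSIF NOT v_safe AND NOT p_expert THEN
        RAISE EXCEPTION '% "%" is refused by default; set p_expert to override',
            p_kind, v_name;
    END IF;
    RETURN v_name;
END;
$$;

-- Caller who passes nothing gets the default digest.
SELECT algo_check('digest');
-- Caller who knows the trade-off opts in to a weak cipher explicitly.
SELECT algo_check('cipher', 'RC2-40-CBC', true);
```

A wrapper around a lower-level key-handling function would pass the user's argument through `algo_check` first, so the inexperienced audience gets the default and the experienced one keeps an explicit override.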