> [EMAIL PROTECTED] - Tue Sep 11 23:09:59 2007]:
>
> Hi guys,
>
> [as advised on the list, I'm going through rt]
>
> I'm writing several privilege-separated daemons which rely on openssl
> and need reload support. What I really need is to be able to create SSL
> context in jails, SSL_use_chain_certificate_file and friends don't work
> in such an environment as the certificate files are usually owned by
> root outside the jail.
>
> All _file functions call BIO_new then set the underlying filename and
> continue their work.

You can achieve this without changing OpenSSL. Instead of relying on file-based SSL functions you can instead rely on structure-based ones using X509, EVP_PKEY et al. You'd load the structures outside the jail and keep them hanging around inside. Then when you need to reload you just pass the necessary structures.
