In message <58472e4f.3010...@roumenpetrov.info> on Tue, 06 Dec 2016 23:31:59 +0200, Roumen Petrov <open...@roumenpetrov.info> said:
openssl> Hi Richard,
openssl>
openssl> Richard Levitte wrote:
openssl> > [SNIP]
openssl> > James.Bottomley> 1. We agreed that usability is greatly enhanced if openssl simply loads
openssl> > James.Bottomley> a key when presented with the file/uri etc. without the user having
openssl> > James.Bottomley> to specify what the format of a key is
openssl> >
openssl> > Check. My STORE branch is made to support that.
openssl> One URI could represent more than one item.
openssl> STORE_INFO_types is enumerate but URI could be associated to custom
openssl> data (handle) and this data could be used to get other data (handles).
openssl>
openssl> See capi engine CAPI_KEY *capi_find_key(CAPI_CTX * ctx, const char *id)
openssl> ..
openssl>     hstore = capi_open_store(ctx, NULL);
openssl>     if (!hstore)
openssl>         return NULL;
openssl>     cert = capi_find_cert(ctx, id, hstore);
openssl>     if (cert) {
openssl>         key = capi_get_cert_key(ctx, cert);
openssl>         CertFreeCertificateContext(cert);
openssl>     }
openssl>     CertCloseStore(hstore, 0);
openssl> ..
openssl> In above case PKEY is loaded only if CERT is located (found).

I'm trying to understand but am failing. Looking at your example, it's quite clear that what you want to retrieve is a key, even though you have to go through the corresponding certificate to get to it.

However, *nothing* stops anyone from making a loader for the "capi" scheme (if there is such a thing) that has a load method that will return the certificate (STORE_INFO_CERT) on the first call and the associated key (STORE_INFO_PKEY) on the second for the same URI. It's all about caching information, and there is a context variable (type STORE_LOADER_CTX, which is just a template type for loader defined 'struct store_loader_ctx_st') to be used exactly for that kind of purpose.

In your example above, I fail to see where the custom data would be needed... And frankly, STORE is first of all meant to handle types that can be used with the rest of OpenSSL.

That being said, adding a "whatever" STORE_INFO type isn't very hard either. I'm just not terribly convinced yet, but let's keep talking, I'll probably understand sooner or later what you're actually after.

Cheers,
Richard ( oh, and if example code is needed, I can provide )

--
Richard Levitte         levi...@openssl.org
OpenSSL Project         http://www.openssl.org/~levitte/
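The pattern described in the reply above, where one URI yields the certificate on the first load call and the associated key on the second while a loader context caches the lookup, sketched as an added example. It is not code from this message or from OpenSSL: every `demo_*` name, the `demo:` scheme and the sample store are hypothetical stand-ins, not the STORE API.

```c
#include <string.h>

/* Hypothetical stand-ins for illustration; these are NOT OpenSSL's STORE types. */
typedef enum { DEMO_INFO_CERT, DEMO_INFO_PKEY, DEMO_INFO_EOF } demo_info_type;
typedef struct { demo_info_type type; const char *data; } demo_info;
typedef struct { const char *id, *cert, *key; } demo_entry;

/* Constructed sample store: "bob" has a certificate but no private key. */
static const demo_entry demo_store[] = {
    { "alice", "CERT(alice)", "KEY(alice)" },
    { "bob",   "CERT(bob)",   NULL },
};

/* Loader context caching the lookup between load calls.
 * entry: NULL when no certificate matched; step: 0 = cert next, 1 = key next. */
typedef struct { const demo_entry *entry; int step; } demo_loader_ctx;

/* Open "demo:<id>" and look the certificate up once; the result lives in ctx. */
void demo_open(demo_loader_ctx *ctx, const char *uri)
{
    size_t i, n = sizeof(demo_store) / sizeof(demo_store[0]);
    ctx->entry = NULL;
    ctx->step = 0;
    for (i = 0; strncmp(uri, "demo:", 5) == 0 && i < n; i++)
        if (strcmp(demo_store[i].id, uri + 5) == 0)
            ctx->entry = &demo_store[i];
}

/* Each call returns the next item for the same URI: cert, then key, then EOF.
 * As in the quoted capi code, the key is reachable only via a found cert. */
demo_info demo_load(demo_loader_ctx *ctx)
{
    demo_info out = { DEMO_INFO_EOF, NULL };
    if (ctx->entry == NULL || ctx->step > 1) return out;
    if (ctx->step++ == 0)
        out = (demo_info){ DEMO_INFO_CERT, ctx->entry->cert };
    else if (ctx->entry->key != NULL)
        out = (demo_info){ DEMO_INFO_PKEY, ctx->entry->key };
    return out;
}

/* Caller-side loop: data of the n-th item (0-based) for a URI, NULL past the end. */
const char *demo_nth(const char *uri, int n)
{
    demo_loader_ctx ctx;
    demo_info info;
    demo_open(&ctx, uri);
    do { info = demo_load(&ctx); } while (n-- > 0 && info.type != DEMO_INFO_EOF);
    return info.data;
}
```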