In message <1ce93d56-6fa4-1bae-d440-5ab843900e40@xxxxxxxxxxxxxxxxxxxx> on Wed, 28 Mar 2018 17:10:40 -0700, Jordan Brown <openssl@xxxxxxxxxxxxxxxxxxxx> said:

openssl> Matt: Indeed, looks very promising. Now if only we were on
openssl> 1.1.1 :-(. I'm a little surprised that it doesn't read from a
openssl> BIO.

It's certainly possible to add such an API. As a matter of fact, we do have that internally, specifically for PEM files... have a look in 1.1.1's crypto/include/internal/store_int.h. That's not the initial intention with the API, though...

Also, I can't quite shake the feeling that a BIO API would be a bit shaky. Internally, the file: scheme loader opens all files in binary mode, as it's designed to detect if the file is a PEM file or raw DER, so the question remains, if we would open up a BIO STORE API, what are the expectations? Will people open such files in binary mode at all times? Should that be a content type agnostic interface (i.e. should it detect if the file is PEM or raw DER), or should there be separate functions for PEM and raw DER content?

Please note that for each question, we're getting further and further away from the idea of having an interface where the caller doesn't need to know much more than how to indicate where to load stuff from, to an API that almost becomes a 1:1 mapping of PEM and d2i functions. When we've come that far, what have we gained?

But I dunno... I'm ambivalent around these ideas, and considering those internal functions I mentioned, we do have some kind of base set up already, so it would probably not be that hard to open up that kind of functionality to the public. Perhaps as a side thing, like STORE UTILS?

--
Richard Levitte levitte@xxxxxxxxxxx
OpenSSL Project http://www.openssl.org/~levitte/
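The binary-mode question raised in the message above, as an added example that is not part of the original post and is not OpenSSL's loader code: a content-agnostic PEM/DER check run on the same bytes as read in binary mode and as a text-mode read that maps CRLF to LF would deliver them. All names (classify, classify_text_mode, the samples) are hypothetical, the CRLF mapping is a simulation, and DER lengths above three octets are rejected to keep the sketch short.

```c
#include <stdio.h>
#include <string.h>
enum content_kind { KIND_UNKNOWN, KIND_PEM, KIND_DER };
/* Constructed samples: SEQUENCE { INTEGER 0x0D0A } as raw DER, and PEM-shaped text. */
static const unsigned char sample_der[] = { 0x30, 0x04, 0x02, 0x02, 0x0D, 0x0A };
static const unsigned char sample_pem[] = "-----BEGIN X-----\r\nMAA=\r\n-----END X-----\r\n";

/* Total encoded size of a definite-length DER SEQUENCE, or 0 if buf is not one. */
static size_t der_total_len(const unsigned char *buf, size_t n) {
    size_t nbytes, len = 0;
    if (n < 2 || buf[0] != 0x30)
        return 0;
    if (buf[1] < 0x80)                 /* short form: one length octet */
        return 2 + (size_t)buf[1];
    nbytes = buf[1] & 0x7f;            /* long form: nbytes length octets follow */
    if (nbytes == 0 || nbytes > 3 || n < 2 + nbytes)
        return 0;                      /* indefinite, or too large for this sketch */
    for (size_t i = 0; i < nbytes; i++)
        len = (len << 8) | buf[2 + i];
    return 2 + nbytes + len;
}

/* Decide PEM vs DER from the bytes alone, as a content-agnostic interface must. */
enum content_kind classify(const unsigned char *buf, size_t n) {
    static const char marker[] = "-----BEGIN ";
    size_t mlen = sizeof(marker) - 1, total = der_total_len(buf, n);
    for (size_t i = 0; i + mlen <= n; i++)   /* marker at the start of any line */
        if ((i == 0 || buf[i - 1] == '\n') && memcmp(buf + i, marker, mlen) == 0)
            return KIND_PEM;
    /* DER only if the declared length accounts for every byte we were given. */
    return (total != 0 && total == n) ? KIND_DER : KIND_UNKNOWN;
}

/* Classify what a text-mode read mapping CRLF to LF would deliver (first 256 bytes). */
enum content_kind classify_text_mode(const unsigned char *buf, size_t n) {
    unsigned char out[256];
    size_t o = 0;
    for (size_t i = 0; i < n && o < sizeof(out); i++)
        if (!(buf[i] == '\r' && i + 1 < n && buf[i + 1] == '\n'))
            out[o++] = buf[i];               /* a CR directly before LF is dropped */
    return classify(out, o);
}

int main(void) {
    printf("DER: binary=%d text-mode=%d\n", classify(sample_der, sizeof sample_der),
           classify_text_mode(sample_der, sizeof sample_der));
    printf("PEM: binary=%d text-mode=%d\n", classify(sample_pem, sizeof sample_pem - 1),
           classify_text_mode(sample_pem, sizeof sample_pem - 1));
    return 0;
}
```

The PEM sample classifies the same either way, while the DER sample loses a content byte in the simulated text-mode read and no longer matches its own declared length.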