On 9/15/2019 8:29 AM, Kyle Hamilton
wrote:
Still more importantly, almost everything OpenSSL does is just math and file manipulation. S_client and s_server add basic network operations. There's probably some low-level goop for hardware acceleration, but that's just acceleration. You can write a program to do those things without needing to involve OpenSSL, so restrictions on OpenSSL per se aren't very interesting. The way to restrict PKI operations (in a simple configuration) is through file and directory permissions on the data involved. -- Jordan Brown, Oracle ZFS Storage Appliance, Oracle Solaris |