Re: DH parameter reading in OPENSSL 3


 



Hello Tomas Mraz,

it is somewhat unclear to me why do you consider the migration_guide(7)
useless in this regard. Citing it:

[...description...]

The openssl documentation may be logical for someone who knows all the parts and how they work together, but for everybody else it's a large glob of isolated files which you simply can't bring together. You have pages which sometimes describe dozens of functions which seldom have examples and at least for me they don't help.

My initial TLS implementation took me days (although I do nothing except loading the parameters (key, cert, chain) and setting up the stuff). Mostly I only got that done by looking at the openssl tools and how they do it. AFTER you know what the code looks like the documentation helps, but not in getting to this state. Essentially for me the documentation thus always was only a means to verify that the examples I used actually are correct and not written by somebody who also doesn't understand it.

I already looked for more than 4 hours at the openssl 3 documentation and wasn't able to find the correct approach even after trying lots of variants of the functions which Viktor showed in his example code (which BTW now took me about 20 minutes to understand, implement and test).

So yes. In my opinion the migration guide is useless. E.g. examples wouldn't hurt like

When you did this before
...
then replace it with that now
...
That usually brings you to the right way even when not fully matching your code.

Actually I very much would like a function like

SetupTLS(const char **files, const char *cipherspec, const char *parameters)

Which I call and pass the user-supplied files and optional parameter strings, and openssl simply takes care of the stuff itself and provides me a ready-to-use context. But that's probably too much to wish for. ;-)

Freedom in Peace
--
https://www.dstoecker.eu/ (PGP key available)


