Re: DH parameter reading in OPENSSL 3

On Wed, Jul 13, 2022 at 06:47:15PM +0200, Dirk Stöcker wrote:

> > https://github.com/vdukhovni/postfix/blob/master/postfix/src/tls/tls_dh.c#L148-L205
> 
> Thanks a lot. Works in principle now with one exception. The previous 
> approach worked for a file, where first comes the PEM certificate and 
> afterwards the DH params. The new approach only works when the file has 
> nothing other than the DH params inside. Is there a chance to get that behaviour 
> back or do I need to load the file and strip the certificate myself?

The work-around is to put the DH parameters first.  Otherwise, you'd
need to resort to the more general OSSL_STORE API, which loads objects
of various types, and you can then ignore the ones you don't care for.

Another option is to iterate through the PEM file via the generic PEM
API, and then decode just the desired objects:

    https://github.com/vdukhovni/postfix/blob/master/postfix/src/tls/tls_certkey.c#L344-L378

-- 
    Viktor.
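
The idea of walking a mixed PEM file and decoding only the wanted object, as an added example that is not part of the original message and not taken from the linked Postfix code: a dependency-free C scanner that selects a block by its PEM label, so that only that span is handed to the DH parameter decoder. The function name pem_find_block and the sample input are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: certificate first, DH params second (placeholder bodies). */
static const char SAMPLE[] =
    "-----BEGIN CERTIFICATE-----\n"
    "Q09OU1RSVUNURUQ=\n"
    "-----END CERTIFICATE-----\n"
    "-----BEGIN DH PARAMETERS-----\n"
    "UExBQ0VIT0xERVI=\n"
    "-----END DH PARAMETERS-----\n";

/* Find the first PEM block whose label equals `want`, skipping all others.
 * Returns 1 and sets *out / *outlen to the block (BEGIN line through END line),
 * 0 if no such block exists, -1 if a BEGIN line is malformed or has no END. */
int pem_find_block(const char *pem, const char *want,
                   const char **out, size_t *outlen)
{
    const char *p = pem;
    while ((p = strstr(p, "-----BEGIN ")) != NULL) {
        const char *label = p + 11;        /* strlen("-----BEGIN ") */
        const char *dash = strstr(label, "-----");
        const char *nl = strchr(label, '\n');
        if (p != pem && p[-1] != '\n') { p = label; continue; } /* not at line start */
        if (dash == NULL || (nl != NULL && nl < dash) || dash - label > 64)
            return -1;                     /* truncated or malformed BEGIN line */
        size_t llen = (size_t)(dash - label);
        char endline[96];
        snprintf(endline, sizeof endline, "-----END %.*s-----", (int)llen, label);
        const char *end = strstr(dash + 5, endline);
        if (end == NULL)
            return -1;                     /* BEGIN without a matching END */
        end += strlen(endline);
        if (strlen(want) == llen && memcmp(label, want, llen) == 0) {
            *out = p;
            *outlen = (size_t)(end - p);
            return 1;
        }
        p = end;                           /* not the wanted type: skip the block */
    }
    return 0;
}

int main(void)
{
    const char *blk; size_t len;
    if (pem_find_block(SAMPLE, "DH PARAMETERS", &blk, &len) == 1)
        fwrite(blk, 1, len, stdout);       /* this span goes to the DH decoder */
    return 0;
}
```

Matching on the exact label also keeps any other object in the same file, such as a private key, away from the parameter decoder.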


