On Tue, 9 Mar 2010, Petr Pisar wrote:
I'm cc'ing my response to curl-library since we're discussing modifying the
lib. I do think we should move this discussion over to that list.
I was inspired by openssl(1) initialization and adjusted the curl library.
Now I'm able to list dynamic engines defined in the config file:
Well, the user can use the OPENSSL_CONF environment variable or use the default
openssl.cnf file from the default OpenSSL directory.
Thanks! It certainly seems like a decent approach to add. I miss the
documentation part of the patch (at least a rudimental description of how it
is to be used) and I do have some questions about the implementation. See
below:
+#define OSSL_CONF_FILE_NAME "openssl.cnf"
Is this a common name for a config file of this sort for OpenSSL? The name
seems to imply it so I assume it is...
I must confess I dislike the idea of using environment variables to control
library behaviors, but in this case since it wants to change how the global
init is done, I can't see a lot of good alternatives.
+ prefix = X509_get_default_cert_area();
And this call is safe and known to never fail?
+ length = strlen(prefix) + strlen(OSSL_CONF_FILE_NAME) + 2;
+ filename = OPENSSL_malloc(length);
Why not use plain malloc here?
+ if (!filename) return 0;
+
+ BUF_strlcpy(filename, prefix, length);
+ BUF_strlcat(filename, "/", length);
+ BUF_strlcat(filename, OSSL_CONF_FILE_NAME, length);
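Review bot: filename is allocated with OPENSSL_malloc(length) and the quoted lines never show it being released; it needs an OPENSSL_free() (not free()) on every exit path after the allocation, including a failure of the later NCONF_new() call. The length of strlen(prefix) + strlen(OSSL_CONF_FILE_NAME) + 2 does leave room for the "/" and the terminating NUL, so the three bounded copies will not truncate. OpenSSL's CONF_get1_default_config_file() already returns the OPENSSL_CONF value when it is set and otherwise builds this same default-directory path, so it could replace the manual construction and the OSSL_CONF_FILE_NAME macro.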
And why not just sprintf() that string instead of doing three OpenSSL-specific
function calls? (or in fact using aprintf() as it would avoid the separate
malloc call)
+ config=NCONF_new(NULL);
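Review bot: the return value of NCONF_new(NULL) is not checked in the quoted lines, so an allocation failure would hand a NULL config to whatever uses it next; add an explicit NULL test right after `config=NCONF_new(NULL);` that frees filename and returns the same failure value as the `if (!filename) return 0;` path. As a style point, this assignment is missing the spaces around `=` that the other assignments in the patch use.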
What happens if NCONF_new() fails? Surely it returns NULL then, do all the
subsequent functions that use the config as an argument handle a NULL passed in?
--
/ daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html