"Ralf S. Engelschall" <[EMAIL PROTECTED]> writes:
> On Thu, Mar 04, 1999, [EMAIL PROTECTED] wrote:
>
> > If I wanted mod_ssl to use DER Base64 encoded certs by default, would it be
> > as simple as doing a `perl -pi -e 's/PEM/DER/g;'` to the mod_ssl source
> > files, and then adding '-outform DER' to makecrt.sh where appropriate?
> > (compile and install afterwards of course)
>
> No, it isn�t such easy, because not all _PEM functions of OpenSSL have direct
> DER counterparts. But DER cert/key loading can be supported with a little bit
> of extra code, of course. But the question is: why do you want to use DER?
> The conversion via "openssl x509 ..." is trivial... So, what�s the
> reasons? Perhaps it�s actually interesting to support DER in mod_ssl
> in general?
Because we, http://www.aventail.com/, are using Apache+mod_ssl+SSLeay in a
"soon to be released" product. This new product will co-exist with our
extranet server. This extranet server is ssl capable but uses some other
ssl toolkit that only does DER Base64. Which means our existing cert
management tools only do DER Base64. This is why I need mod_ssl to support
DER Base64. My guess is that DER Base64 would be desirable whenever you'd
like to have mod_ssl play nicely with anything from the commercial,
proprietary, non-free world.
-Tom
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
