On Fri, Mar 05, 1999, [EMAIL PROTECTED] wrote:
> > > If I wanted mod_ssl to use DER Base64 encoded certs by default, would it be
> > > as simple as doing a `perl -pi -e 's/PEM/DER/g;'` to the mod_ssl source
> > > files, and then adding '-outform DER' to makecrt.sh where appropriate?
> > > (compile and install afterwards of course)
> >
> > No, it isnīt such easy, because not all _PEM functions of OpenSSL have direct
> > DER counterparts. But DER cert/key loading can be supported with a little bit
> > of extra code, of course. But the question is: why do you want to use DER?
> > The conversion via "openssl x509 ..." is trivial... So, whatīs the
> > reasons? Perhaps itīs actually interesting to support DER in mod_ssl
> > in general?
>
> Because we, http://www.aventail.com/, are using Apache+mod_ssl+SSLeay in a
> "soon to be released" product. This new product will co-exist with our
> extranet server. This extranet server is ssl capable but uses some other
> ssl toolkit that only does DER Base64. Which means our existing cert
> management tools only do DER Base64. This is why I need mod_ssl to support
> DER Base64. My guess is that DER Base64 would be desirable whenever you'd
> like to have mod_ssl play nicely with anything from the commercial,
> proprietary, non-free world.
Ok, sounds like a reasonable suggestion. But do you want DER+Base64 or just
plain DER? Because DER is a binary format while DER+Base64 is the binary plus
Base64 transformed and PEM is actually DER+Base64+Header/Footer. So, what
exactly do you understand under "DER Base64"? Do you want plain DER or really
DER+Base64?
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]