On Sat, Apr 30, 2005 at 11:58:34AM -0700, Doug Kaufman wrote:
> I sent a message to the request tracker on 24 April. Normally I expect a
> request number to be assigned and a copy of the email (with attachments
> stripped) to be forwarded to openssl-dev. None of that has happened yet.
> Nothing bounced back to me. I assume that people are waiting for a
> number to be assigned before replying, so that it will be archived
> properly in rt. A copy of the message follows (I had cc'd to
> openssl-dev).
New submissions are moderated. I have been on vacation and I did mess up
to correctly hand over to another team member.
Sorry for any inconvenience caused,
Lutz
> On Sun, 24 Apr 2005, Doug Kaufman wrote:
>
> > Date: Sun, 24 Apr 2005 15:08:14 -0700 (PDT)
> > From: Doug Kaufman <[EMAIL PROTECTED]>
> > Reply-To: openssl-dev@openssl.org
> > To: [EMAIL PROTECTED]
> > Cc: openssl-dev@openssl.org
> > Subject: SSL_CTX_set_default_paths
> >
> > There doesn't seem to be any documentation in the .pod files of the
> > "SSL_CTX_set_default_paths" function or of the environment variables
> > "SSL_CERT_FILE" and "SSL_CERT_DIR" which can change the value it
> > returns. This came up recently in discussion on the wget list. The
> > "wget" file retriever does not use the defaults (instead specifying
> > the location of the trusted certificate each time on the command
> > line), and the developers were not familiar with this function to
> > set the default paths. Is the lack of documentation an oversight (or
> > on the "to-do" list), or is use of the default paths deprecated?
> > There was some hesitancy on the wget list to use an openssl function
> > that doesn't seem to have documentation. This has affected other
> > applications also. The "curl" file retriever sets its own default
> > locations (also related to the developers having been unfamiliar with
> > the function when its ssl code was written). The "lynx" browser does
> > use "SSL_CTX_set_default_paths". I am not sure what other applications
> > which link to the openssl library do.
> >
> > Can anyone comment on the status of "SSL_CTX_set_default paths"
> > and the associated functions (X509_STORE_set_default_paths,
> > X509_LOOKUP_file, X509_LOOKUP_hash_dir, by_file_ctrl,
> > X509_get_default_file_cert_env, X509_get_default_cert_dir_env and
> > dir_ctrl)?
> >
> > Also, the function "dir_ctrl" in crypto/x509/by_dir.c looks wrong to
> > me. Shouldn't it be checking for the environment variable first, then
> > getting the default if no environment variable is specified (the way
> > by_file_ctrl does in crypto/x509/by_file.c)? Sorry if I am misreading
> > what that function is doing. The code looks the same in 0.9.7 and
> > 0.9.8.
> > Doug
> >
> >
>
> --
> Doug Kaufman
> Internet: [EMAIL PROTECTED]
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> Development Mailing List openssl-dev@openssl.org
> Automated List Manager [EMAIL PROTECTED]
--
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager [EMAIL PROTECTED]
