On Sat, Apr 30, 2005 at 11:58:34AM -0700, Doug Kaufman wrote: > I sent a message to the request tracker on 24 April. Normally I expect a > request number to be assigned and a copy of the email (with attachments > stripped) to be forwarded to openssl-dev. None of that has happened yet. > Nothing bounced back to me. I assume that people are waiting for a > number to be assigned before replying, so that it will be archived > properly in rt. A copy of the message follows (I had cc'd to > openssl-dev).
New submissions are moderated. I have been on vacation and I did mess up to correctly hand over to another team member. Sorry for any inconvenience caused, Lutz > On Sun, 24 Apr 2005, Doug Kaufman wrote: > > > Date: Sun, 24 Apr 2005 15:08:14 -0700 (PDT) > > From: Doug Kaufman <[EMAIL PROTECTED]> > > Reply-To: openssl-dev@openssl.org > > To: [EMAIL PROTECTED] > > Cc: openssl-dev@openssl.org > > Subject: SSL_CTX_set_default_paths > > > > There doesn't seem to be any documentation in the .pod files of the > > "SSL_CTX_set_default_paths" function or of the environment variables > > "SSL_CERT_FILE" and "SSL_CERT_DIR" which can change the value it > > returns. This came up recently in discussion on the wget list. The > > "wget" file retriever does not use the defaults (instead specifying > > the location of the trusted certificate each time on the command > > line), and the developers were not familiar with this function to > > set the default paths. Is the lack of documentation an oversight (or > > on the "to-do" list), or is use of the default paths deprecated? > > There was some hesitancy on the wget list to use an openssl function > > that doesn't seem to have documentation. This has affected other > > applications also. The "curl" file retriever sets its own default > > locations (also related to the developers having been unfamiliar with > > the function when its ssl code was written). The "lynx" browser does > > use "SSL_CTX_set_default_paths". I am not sure what other applications > > which link to the openssl library do. > > > > Can anyone comment on the status of "SSL_CTX_set_default paths" > > and the associated functions (X509_STORE_set_default_paths, > > X509_LOOKUP_file, X509_LOOKUP_hash_dir, by_file_ctrl, > > X509_get_default_file_cert_env, X509_get_default_cert_dir_env and > > dir_ctrl)? > > > > Also, the function "dir_ctrl" in crypto/x509/by_dir.c looks wrong to > > me. Shouldn't it be checking for the environment variable first, then > > getting the default if no environment variable is specified (the way > > by_file_ctrl does in crypto/x509/by_file.c)? Sorry if I am misreading > > what that function is doing. The code looks the same in 0.9.7 and > > 0.9.8. > > Doug > > > > > > -- > Doug Kaufman > Internet: [EMAIL PROTECTED] > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > Development Mailing List openssl-dev@openssl.org > Automated List Manager [EMAIL PROTECTED] -- Lutz Jaenicke [EMAIL PROTECTED] http://www.aet.TU-Cottbus.DE/personen/jaenicke/ BTU Cottbus, Allgemeine Elektrotechnik Universitaetsplatz 3-4, D-03044 Cottbus ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]