Hi,

I am using d2i_RSAPublicKey and d2i_DSAPublicKey successfully, but have run into something strange. I have a server which maintains accounts that may or may not have public keys associated with them. This server communicates with the outside world using TLS-enabled connections. I was calling the d2i functions regardless, and in the case of an account without a key, the specified length would be 0. The problem is that calling the d2i functions with a length of 0 somehow corrupted my TLS connection and I would get protocol errors that required shutting down the connection. Note that the RSA and DSA objects are in no way connected to the TLS connection. I modified my code to only call the d2i functions when the length of the key is non-zero, and the protocol errors have gone away.

I attempted to locate where the d2i functions do their work, and I think I have it narrowed down to the ASN1_item_ex_d2i function. It is well beyond my knowledge of the internal workings of openssl, so I couldn't figure out how to modify the function to handle the condition of len==0. This no longer affects me, but I thought I'd pass along my experience.

Mike