Hi there!
Recently I had to work on an openssl project where due to security requirements
I had to place the private key for the server certificate on another machine.
In order to be able to make openssl ignore the fake private key in the
certificate I had to "hack" some data structures to delegate the handshake
decrypt to the remote machine so that the handshake could succeed.
I was wondering if this capability to delegate the decrypt function can be
useful enough to incorporate into the official version.
In cases when the client and the server are located on user's machine it is a
risk to keep the private key on that machine.
Let me know if there is a better solution for this problem.
Cheers,
Tigran
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
