It will be nice to have these calls, but the DLL's interface (the list of exported functions) is not frozen yet. Maybe in version 1.0... It is better to link statically - and sign your executable with some tool like MS signcode. If you are using Windows 2000, you can check if the signature is valid simply right-clicking the icon in Windows Explorer, choosing Properties and selecting the "Digital Signatures" tab. Peter Gutmann has reverse-engineered the MS Authenticode format for signing executable code, maybe someone could present an implementation of the Authenticode tools using the OpenSSL toolkit. The documented functions of MS Authenticode simply aren't suitable for your purposes - they return only a result "Signed" or "Invalid Signature" or "Not Signed", and their setup is very slow. It will be desirable to get the signature (a PKCS#7 appended to the executable or DLL), check the validity (taking into account the timestamp), etc. Edson E. Watanabe ----- Original Message ----- From: "John Denney" <[EMAIL PROTECTED]> To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Monday, March 19, 2001 4:19 PM Subject: dll version? > All, > > We're intending to use the openssl dll libraries on the Windows platform > of our product. > > How can we tell which dll version we're dynamically loading? 0.9.5? > 0.9.6? A spoofed version? The copy we shipped? The copy the end-user > already had or subsequently loaded? > > It would be nice to have calls something like: > > VERSION_INFO openSSL_SSL_Version(void); // returns ssleay32.dll version > VERSION_INFO openSSL_LIB_Version(void); // returns libeay32.dll version > > Or we should do SHA hashes of the openSSL dll's we build, embed the > result in our code, and do comparisons at dll load time against whatever > purported openSSL dll's are presented? > > Best Regards, > John > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
