Richard Levitte - VMS Whacker wrote: > > From: Averroes <[EMAIL PROTECTED]> > > a.averroes> A simple question, but not a least: > a.averroes> instead of using the index.txt file as database of > a.averroes> registered certificates, could it be possible to use a SQL > a.averroes> database "e.g. PostgreSQL" as the engine version of > a.averroes> openssl can with HSM "e.g. nCipher" > > Currently no, but that's honestly a rather cool idea. > > The reason that it wouldn't work right now is that the engine > framework only has the functionality to retrieve keys or key handles > from a HSM. No storage capabilities and no certificates on HSM. I > don't know what the rest of the development team says about this, but > I would for sure be interested into looking at implementing that kind > of extension. >
Yes I'd also be interested in doing this. A general key certificate and CRL database API is something I've been looking at for a while but never completed patrly due to a few thorny issues but mainly due to being diverted onto something of higher priority. If this could be usable as a replacement for the highly brain dead X509_LOOKUP stuff that would be great. Steve. -- Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/ Personal Email: [EMAIL PROTECTED] Senior crypto engineer, Gemplus: http://www.gemplus.com/ Core developer of the OpenSSL project: http://www.openssl.org/ Business Email: [EMAIL PROTECTED] PGP key: via homepage. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]