On Wed, Jul 23, 2003, Michiels Olivier wrote:

> Hi,
> I've developed my own ENGINE with OpenSSL. I use that ENGINE to use the
> private keys of my root certificates. Those certificates are used to
> sign X509 certificates, CRLs and OCSP responses.
> On the other part, one of my components that uses the ENGINE must open a
> ssl connection, the private key and the certificate are not used by the
> ENGINE.
> My question is, how can I setup a ssl connection without having the
> ENGINE used by the SSL connection?
> 

If the SSL private keys aren't ENGINE specific then the SSL connection will use
the default implementation of the relevant algorithms. If the code that loads
your ENGINE replaces the default implementation then it will be used for SSL.

You can however make private keys ENGINE specific so the relevant routines
call the ENGINE's own private key code and don't use the default
implementation.

This is handled when the keys are initialized. If they call RSA_new() which
ends up calling RSA_new_method(NULL) then they will use the default
implementation. If instead they are initialized with RSA_new_method(engine)
then they will always use 'engine'.

So the solution to your case would be to not replace the default ENGINE
implementation and to initialize the keys you want to use the ENGINE
appropriately.

Steve.
--
Dr Stephen N. Henson.
Core developer of the   OpenSSL project: http://www.openssl.org/
Freelance consultant see: http://www.drh-consultancy.demon.co.uk/
Email: [EMAIL PROTECTED], PGP key: via homepage.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
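
As an added illustration of the reply above (not code from the original post or from OpenSSL): a simplified stand-alone C model of the binding rule it describes, comparing a replaced default with per-key binding. It does not link OpenSSL, and every `model_*` name, the toy sign functions and the call counter are hypothetical.

```c
/* Simplified model of per-key method binding. Not OpenSSL code:
 * all model_* names are hypothetical and the "signature" is a toy XOR. */
#include <stddef.h>

typedef struct { const char *name; int (*sign)(int digest); } model_method;
typedef struct { const model_method *rsa_meth; } model_engine;
typedef struct { const model_method *meth; } model_key;

static int engine_calls;                   /* operations routed to the engine */
static int soft_sign(int d)   { return d ^ 0x55; }
static int engine_sign(int d) { engine_calls++; return d ^ 0x55; }

static const model_method software    = { "software", soft_sign };
static const model_method engine_meth = { "engine", engine_sign };
static const model_engine my_engine   = { &engine_meth };

/* NULL means "no default ENGINE registered": built-in software code is used. */
static const model_engine *default_engine = NULL;

/* Models RSA_new_method(engine): an explicit engine is bound to the key for
 * its lifetime; NULL falls back to whatever the default is at creation time. */
static model_key model_key_new_method(const model_engine *e) {
    model_key k;
    if (e == NULL) e = default_engine;
    k.meth = e ? e->rsa_meth : &software;
    return k;
}

/* Models RSA_new(), which the reply says ends up as RSA_new_method(NULL). */
static model_key model_key_new(void) { return model_key_new_method(NULL); }

/* Case A: the engine loader replaced the default, so the SSL key is routed
 * through the engine as well as the CA key. */
int engine_calls_when_default_replaced(void) {
    engine_calls = 0;
    default_engine = &my_engine;
    model_key ca = model_key_new(), ssl = model_key_new();
    ca.meth->sign(1); ssl.meth->sign(2);
    default_engine = NULL;                 /* restore for the next case */
    return engine_calls;
}

/* Case B: default left alone; only the CA key is created against the engine. */
int engine_calls_when_bound_per_key(void) {
    engine_calls = 0;
    model_key ca = model_key_new_method(&my_engine), ssl = model_key_new();
    ca.meth->sign(1); ssl.meth->sign(2);
    return engine_calls;
}
```

In case A both keys reach the engine; in case B only the CA key does, which is the arrangement the reply recommends.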
