Thanks for your pointers. I searched a bit further and noticed the existence of a STORE method and the associated (un)register functions with an engine. Looking at its API, it looks like it provides the key and certificate loading function signatures that I need. Therefore, I was considering implementing (a subset of) the STORE method functions in my engine.
From the README in crypto/store in master <https://github.com/openssl/openssl/blob/master/crypto/store/README>, I conclude that future versions will provide X509_STORE as a default implementation for the store as well. Therefore, this seems the right approach in the long run. I am currently using a 1.0.1 version. However, I could not find any example of any engine implementing a store. There do not seem to be any tests either. Can you/someone confirm that implementing (a subset of) a store in my engine is a valid approach at the moment (and in the future)? Thanks, Reinier On 8/6/15 8:06 PM, Dr. Stephen Henson wrote: > On Thu, Aug 06, 2015, Reinier Torenbeek wrote: > >> I am interested in leveraging the following three functions: >> >> ENGINE_load_private_key() >> ENGINE_load_public_key() >> ENGINE_load_certificate() >> >> Unfortunately, the latter is missing. This was mentioned in a recent >> thread on this list as well (see >> http://www.mail-archive.com/openssl-users@openssl.org/msg77566.html). Is >> it planned for any future release? >> > At some point yes but it's quite complex decided what the parameters should > be: e.g. to lookup certificates matching one or more criteria. > > >> The former two functions are present though and I was looking for their >> EVP-level counterparts to access them in the proper way. Apparently, >> those do not exist either. Previously, I was under the impression that >> the EVP API exposes all engine-implemented functions. Are these >> EVP_load_xxx functions missing from EVP because they are "todo in a >> future release" or are they omitted by design? >> > The ENGINE_load*key functions rerturn an EVP_PKEY structure which can be > used by EVP directly. > > There are other functions which can load an EVP_PKEY structure too like the > PEM and PKCS12 functions. > > Steve. > -- > Dr Stephen N. Henson. OpenSSL project core developer. > Commercial tech support now available see: http://www.openssl.org > _______________________________________________ > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
_______________________________________________ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users