[xmlsec] Proposed patch to allow OpenSSL/ENGINE operations

Erwann ABALEA erwann.abalea at keynectis.com
Thu Jul 7 09:12:52 PDT 2005


Hello Aleksey,

Today is the Nones of July 2005; Aleksey Sanin wrote:
> I see the problem you are trying to solve but unfortunately
> this change would break xmlsec tests and potentially some
> applications.

I can understand it.

> I wonder if there is a better way of doing this
> in the recently released OpenSSL 0.9.8. BTW, have you tried
> to ask this question in openssl mailing list?

I haven't asked, but checked the OpenSSL 0.9.8 release, and no,
there's still no way to check if a key can be used for a private
operation, other than doing it.

Anyway. Imagine you're using the CAPI stack, with its native support
for hardware tokens. You get a handle on a private key, declared as
such. But when you want to perform the private operation, the token is
removed. The CAPI then returns an error, and it is properly caught by
xmlsec, right?
What is the difference with the proposed behaviour introduced by my
patch?

-- 
Erwann ABALEA <erwann.abalea at keynectis.com>


