Re: [PHP-DEV] asymmetric encryption functions based on OpenSSL
From: Sterling Hughes (Sterling.Hughes <email protected>)
Date: 11/13/00

At 10:23 PM 11/13/2000 +0200, Andi Gutmans wrote:
>I took a look at the two samples.
>It looks as if the whole business could be abstracted a bit more but I am
>no expert on OpenSSL so I'm not sure.
>Two issues which should probably be debated:
>a) Should we require the user to mess with fopen(), fclose() as part of
>the API.
>b) Do we need them to mess with the read_x509 part.
>c) How is the API handled if the x509 is not in a file but comes from a
>database as a string?
>
>I'm not saying the current API is wrong but I think it needs a review just
>to make sure that we can make it as easy as possible on the end user. The
>current examples aren't that simple (i.e. PHP simple).

>Comments?

I don't know a whole lot about SSL (beyond what it is)...

If there is another use for the _x509 stuff, then I think it should be left
in there, but higher level functions should be made to do the basic
operations needed (and perhaps make _x509 a little more descriptive, what
is x509 anyway?). If it's really only used in this context then imho, it
should be taken out.

Certificates in strings would allow for more flexibility in some cases, but
from what I understand about ssl, in most cases, certificates are most
often held in files, so it's more convenient as a whole to have the data
passed as a file (and you can always use tmpfile() if you need to extract
certificates from the database)...

Another solution might be to check whether the string given to the function
is a valid file, if so then use it as a file, otherwise treat it as a string...

-Sterling
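
Added example, not part of the original message or of PHP's OpenSSL extension: one way to handle the file-versus-string question from this thread without guessing. The helper `load_certificate()` is hypothetical; it reads from disk only when the input carries an explicit `file://` prefix (an assumed convention), so a certificate string pulled from a database is never probed as a filename. Assumes PHP 8 with the openssl extension; the certificate is a constructed throwaway.

```php
<?php
// Hypothetical helper (assumption, not an extension function).
// "file://..." is read from disk; anything else must itself be PEM text.
// The input is never tested with is_file(), so stored data cannot turn into a path.
function load_certificate(string $source)
{
    if (str_starts_with($source, 'file://')) {
        $pem = @file_get_contents(substr($source, 7));
        if ($pem === false) {
            throw new RuntimeException('certificate file not readable');
        }
    } else {
        $pem = $source;
    }
    if (!str_starts_with(ltrim($pem), '-----BEGIN CERTIFICATE-----')) {
        throw new InvalidArgumentException('input is not a PEM certificate');
    }
    $cert = openssl_x509_read($pem);
    if ($cert === false) {
        throw new InvalidArgumentException('certificate could not be parsed');
    }
    return $cert;
}

// Constructed sample input: a throwaway self-signed certificate.
$key  = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$csr  = openssl_csr_new(['commonName' => 'example.test'], $key, ['digest_alg' => 'sha256']);
$x509 = openssl_csr_sign($csr, null, $key, 1, ['digest_alg' => 'sha256']);
openssl_x509_export($x509, $pem);

// Case 1: PEM held as a string, as it would be in a database column.
$fromString = openssl_x509_parse(load_certificate($pem));

// Case 2: the same certificate on disk, named explicitly with the prefix.
$path = tempnam(sys_get_temp_dir(), 'crt');
file_put_contents($path, $pem);
$fromFile = openssl_x509_parse(load_certificate('file://' . $path));
unlink($path);
var_dump($fromString['subject']['CN'] === $fromFile['subject']['CN']);

// Case 3: a path-like string without the prefix is rejected, not opened.
try {
    load_certificate('/var/www/cert.pem');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```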
