Re: [PHP-DEV] asymmetric encryption functions based on OpenSSL
From: Stig Venaas (Stig.Venaas <email protected>)
Date: 11/13/00

On Mon, Nov 13, 2000 at 10:23:02PM +0200, Andi Gutmans wrote:
> I took a look at the two samples.
> It looks as if the whole business could be abstracted a bit more but I am
> no expert on OpenSSL so I'm not sure.
> Two issues which should probably be debated:
> a) Should we require the user to mess with fopen(), fclose() as part of the
> API.

I'll look into this.

> b) Do we need them to mess with the read_x509 part.

I could avoid it, but it might be interesting to add functions that work
with certificates, so that function might be needed. Also, the public key
might not come from a certificate, so it should be possible to give a public
key as argument. I could perhaps allow for both certificates and keys as
arguments, but that might be confusing too. I'm open to suggestions here,
I'll allow for both if people think it's a good idea.

> c) How is the API handled if the x509 is not in a file but comes from a
> database as a string?

That's a really good question, I would like to be able to retrieve
certificates on the fly from an LDAP server, so I would like to be
able to use a string. The problem is that all the OpenSSL functions
I've found expect to be passed a file descriptor or a socket.

> I'm not saying the current API is wrong but I think it needs a review just
> to make sure that we can make it as easy as possible on the end user. The
> current examples aren't that simple (i.e. PHP simple).

Yes, I tend to agree, will fix a) soon, and maybe b). c) I would like
to fix, but I'm not so sure how.

Thanks for the comments,

Stig

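
Question c) above (key material arriving as a string rather than a file), as an added example that is not part of the original message or of the patch under discussion: the present-day PHP openssl extension accepts PEM strings directly, and `openssl_pkey_get_public()` takes either a certificate or a bare public key, which also covers b). `encrypt_to()` is a hypothetical helper, the key and certificate are constructed in the script, and a usable `openssl.cnf` is assumed.

```php
<?php
// Added example: uses the present-day PHP openssl extension, not the 2000 patch.
// All key material is generated in memory; nothing is read from a file.

// Constructed sample data: a throwaway RSA key and self-signed certificate.
$priv = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA,
                          'private_key_bits' => 2048]);
if ($priv === false) {
    exit("key generation failed (is openssl.cnf available?)\n");
}
$csr  = openssl_csr_new(['commonName' => 'example.test'], $priv, ['digest_alg' => 'sha256']);
$x509 = openssl_csr_sign($csr, null, $priv, 1, ['digest_alg' => 'sha256']);

// Export to PEM strings, standing in for values fetched from a database or LDAP.
openssl_x509_export($x509, $certPem);
$pubPem = openssl_pkey_get_details($priv)['key'];

/**
 * Hypothetical helper: accept either a PEM certificate or a bare PEM public key
 * as a string and encrypt a short message to it with RSA-OAEP.
 */
function encrypt_to(string $pem, string $message): string
{
    $key = openssl_pkey_get_public($pem);   // certificate PEM or public key PEM
    if ($key === false) {
        throw new InvalidArgumentException('not a usable certificate or public key');
    }
    if (!openssl_public_encrypt($message, $ciphertext, $key, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('encryption failed: ' . openssl_error_string());
    }
    return $ciphertext;
}

// Both string forms work, and the private key recovers the same plaintext.
foreach (['certificate' => $certPem, 'public key' => $pubPem] as $label => $pem) {
    $ciphertext = encrypt_to($pem, 'session secret');
    openssl_private_decrypt($ciphertext, $plain, $priv, OPENSSL_PKCS1_OAEP_PADDING);
    printf("%-11s -> %d-byte ciphertext, decrypts to \"%s\"\n", $label, strlen($ciphertext), $plain);
}

// A malformed string is rejected before any encryption is attempted.
try {
    encrypt_to("-----BEGIN CERTIFICATE-----\nnot base64\n-----END CERTIFICATE-----\n", 'x');
} catch (InvalidArgumentException $e) {
    echo "rejected malformed PEM\n";
}
```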