httpd-dev mailing list archives

From Joe Orton <jor...@redhat.com>
Subject Re: [PATCH] get a pointer to the raw cert from mod_ssl
Date Wed, 02 Feb 2005 11:20:20 GMT
On Wed, Feb 02, 2005 at 11:09:47AM +0000, David Reid wrote:
> Joe Orton wrote:
> >On Wed, Feb 02, 2005 at 10:17:04AM +0000, David Reid wrote:
> >
> >>Basically this allows us to gain access to the actual cert structure.
> >
> >
> >I don't like the idea of exposing the X509 * directly especially not
> >through a char * interface.  Exposing the DER representation (e.g.
> >base64-encoded) through ssl_var_lookup would be better.

(of course that's essentially what _CERT_PEM is; but exporting it
without the unnecessary PEM trimmings is useful too)

> The issue is a need to get access to the internals of the structure.

By exposing the X509 * directly you expose a dependency on the
underlying SSL toolkit.  What if mod_ssl was built to use the RSA
toolkit; will the X509 * have the same fields and layout?  That's why
it's preferable to just expose the DER: there's nothing you can't do
with the DER that you can do with the X509 * anyway.

joe
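
Added example, not part of the original message and not mod_ssl code: a consumer that takes a certificate as PEM text (the form `_CERT_PEM` provides), strips the PEM trimmings to get the raw DER, and checks the outer DER framing without touching any toolkit's `X509` structure. The function names and the sample are assumptions constructed here; the sample wraps a 5-byte DER SEQUENCE, not a real certificate.

```c
#include <string.h>

static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Strip PEM armor, base64-decode the body into out; returns DER length or -1. */
long pem_to_der(const char *pem, unsigned char *out, size_t cap) {
    static const char begin[] = "-----BEGIN CERTIFICATE-----";
    const char *p = strstr(pem, begin);
    const char *end = p ? strstr(p, "-----END CERTIFICATE-----") : NULL;
    unsigned acc = 0, bits = 0;
    size_t n = 0;
    if (!end) return -1;                  /* armor missing or incomplete */
    for (p += sizeof begin - 1; p < end; p++) {
        const char *q = strchr(B64, *p);
        if (!q) continue;                 /* line breaks and '=' padding */
        acc = (acc << 6) | (unsigned)(q - B64);
        bits += 6;
        if (bits < 8) continue;
        if (n == cap) return -1;          /* output buffer too small */
        bits -= 8;
        out[n++] = (unsigned char)(acc >> bits);
    }
    return (long)n;
}

/* Check that der is exactly one SEQUENCE (tag 0x30) whose definite length
 * fills the buffer, as a Certificate must; returns content length or -1. */
long der_outer_sequence(const unsigned char *der, size_t len) {
    size_t hdr = 2, clen, i, nlen;
    if (len < 2 || der[0] != 0x30) return -1;
    clen = der[1];
    if (der[1] & 0x80) {                  /* long form: nlen length bytes follow */
        nlen = der[1] & 0x7f;
        if (nlen == 0 || nlen > 4 || len < 2 + nlen) return -1;
        for (clen = 0, i = 0; i < nlen; i++) clen = (clen << 8) | der[2 + i];
        hdr += nlen;
    }
    return clen == len - hdr ? (long)clen : -1;
}

/* Constructed sample: PEM armor around a 5-byte DER SEQUENCE. */
static const char SAMPLE_PEM[] =
    "-----BEGIN CERTIFICATE-----\nMAMCAQU=\n-----END CERTIFICATE-----\n";

int main(void) {
    unsigned char der[64];
    long n = pem_to_der(SAMPLE_PEM, der, sizeof der);
    return n == 5 && der_outer_sequence(der, (size_t)n) == 3 ? 0 : 1;
}
```

The framing check rejects truncated input and the indefinite-length form, which DER does not allow, before the bytes reach whatever parser the consumer uses.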
