Re: Using OpenSSL with the Security framework
Re: Using OpenSSL with the Security framework
- Subject: Re: Using OpenSSL with the Security framework
- From: Alastair Houghton <email@hidden>
- Date: Wed, 25 Apr 2007 19:48:24 +0100
On 25 Apr 2007, at 04:12, Nick Zitzmann wrote:
Apparently there's no mailing list for the Security framework, and
the admins said I could ask this here since this is going into a
Cocoa program...
Has anyone ever written any code that ties OpenSSL to the Security
framework's keychain functions and certificate structures in order
to verify an X.509 certificate during a handshake? If so, then what
do I need to do in a verification function to scan through all the
keychains' certificates and find a match?
:-) What a coincidence.
I had a quick look at this the other day (I was thinking of hacking
Safari so that client certificates worked... they're really broken
right now because of limitations of Secure Transport). You could
implement an X509_LOOKUP_METHOD (on the OpenSSL side) that scanned
the keychain; the problem is that OpenSSL is really designed under
the assumption that its X509_STORE is the repository for certificate
data, whereas what you *really* want is to be able to take X509_STORE
out of the equation completely.
(Take a look at /usr/include/openssl/x509_vfy.h for more information.)
Kind regards,
Alastair.
--
http://alastairs-place.net
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden