Re: Using OpenSSL with the Security framework
- Subject: Re: Using OpenSSL with the Security framework
- From: Nick Zitzmann <email@hidden>
- Date: Thu, 26 Apr 2007 13:31:44 -0600
On Apr 25, 2007, at 12:48 PM, Alastair Houghton wrote:
> I had a quick look at this the other day (I was thinking of hacking
> Safari so that client certificates worked... they're really broken
> right now because of limitations of Secure Transport). You could
> implement an X509_LOOKUP_METHOD (on the OpenSSL side) that scanned
> the keychain; the problem is that OpenSSL is really designed under
> the assumption that its X509_STORE is the repository for
> certificate data, whereas what you *really* want is to be able to
> take X509_STORE out of the equation completely.
I solved the problem thanks to some users on the apple-cdsa list, but
in case anyone's wondering, here's how to solve the most difficult
part, which is turning an OpenSSL X509_STORE_CTX structure ("ctx"
below) into a SecCertificateRef:
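#include <openssl/x509.h>
#include <Security/Security.h>

CSSM_DATA certData;
SecCertificateRef cert = NULL;
int derLen;

bzero(&certData, sizeof(certData));
// certData.Data is NULL here, so i2d_X509() allocates the DER buffer itself.
derLen = i2d_X509(ctx->cert, &(certData.Data));
// i2d_X509() returns a negative int on error; test it before storing it
// in the unsigned Length field, where it would look like a huge length.
if (derLen > 0)
{
    certData.Length = derLen;
    if (SecCertificateCreateFromData(&certData, CSSM_CERT_X_509v3,
            CSSM_CERT_ENCODING_DER, &cert) == noErr)
    {
        // It's created! CFRelease(cert) when finished with it.
    }
    // Free the buffer that i2d_X509() allocated.
    OPENSSL_free(certData.Data);
}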
Nick Zitzmann
<http://www.chronosnet.com/>