At 03:14 PM 7/9/2003 +0200, gianni writeth:
>[EMAIL PROTECTED] wrote:
>
>>Hi, 
>>
>>I want to create a request automatically with a web application. So the
>>persons enter the details into a form and I write a temporary config-file to
>>create request. But how does the content of the config-file look, that it
>>contains
>>the details (cn, o, ou,...) and how does the command look, what I have to
>>execute?
>>
>>Hope anybody can help me..
>>
>>Thanx a lot for help!!!!
>>
>>Carsten
>>
>>  
>>
>You can find details in doc/apps/req.pod in your openssl directory.
>Specify prompt = no in the [ req ] section to disable prompting. The 
>command is
>something like
>req -new -config conffile -newkey rsa:1024 -keyout newkey.pem -out request.pem

NOTE:  That approach requires a config file, which is on physical media -
so be sure that no one can read those files except OpenSSL and the
originating program.  Also, take care to zero out the config files before
deleting them.

You can also hack OpenSSL to accept input from stdin instead of whatever it
defaults to on your platform...I did that a long time ago for Win32 and I
remember it wasn't what I would call "fun", so I recommend avoiding that
particular route (although, it does offer some additional security since it
doesn't use the hard drive - unless you are low on RAM).  Note, however,
this approach doesn't protect the system from a hook into pipe()...but
that's a whole other security issue - that is, if your users can modify the
system's Run-Time Libraries, you've got more problems than just someone
hooking into pipe() to get OpenSSL configuration information.

Hope this helps!


          Thomas J. Hruska -- [EMAIL PROTECTED]
Shining Light Productions -- "Meeting the needs of fellow programmers"
                  http://www.shininglightpro.com/
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
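
The procedure discussed in this thread (a config file with prompt = no, readable only by its owner and zeroed out before deletion), as an added Python example that is not part of either message or of OpenSSL. The section name req_dn, the helper names, the value allow-list and the 2048-bit default are assumptions of this example.

```python
import os
import re
import tempfile

# Conservative allow-list (an assumption of this example): no newlines, '$',
# '#', backslashes or quotes, so a form value cannot add config lines.
SAFE_VALUE = re.compile(r"[A-Za-z0-9 .,@_()/:+-]{1,64}")
ALLOWED_FIELDS = ("C", "ST", "L", "O", "OU", "CN", "emailAddress")


def build_req_config(fields):
    """Return config text for a non-interactive `openssl req -new -config`."""
    unknown = set(fields) - set(ALLOWED_FIELDS)
    if unknown:
        raise ValueError(f"unknown DN fields: {sorted(unknown)}")
    lines = ["[ req ]", "prompt = no", "distinguished_name = req_dn",
             "", "[ req_dn ]"]
    for name in ALLOWED_FIELDS:  # fixed names in a fixed order
        if name in fields:
            value = fields[name].strip()
            if not SAFE_VALUE.fullmatch(value):
                raise ValueError(f"rejected value for {name}")
            lines.append(f"{name} = {value}")
    return "\n".join(lines) + "\n"


def write_private(text):
    """Write text to a new temp file; mkstemp creates it with mode 0600."""
    fd, path = tempfile.mkstemp(prefix="req-", suffix=".cnf")
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
    return path


def zero_and_delete(path):
    """Overwrite the file with zero bytes, sync, unlink; return bytes zeroed."""
    size = os.path.getsize(path)
    with open(path, "r+b") as fh:
        fh.write(b"\0" * size)
        fh.flush()
        os.fsync(fh.fileno())
    os.remove(path)
    return size


def req_command(conf, key_out, csr_out, bits=2048):
    """argv for the command quoted in the thread (which used rsa:1024)."""
    return ["openssl", "req", "-new", "-config", conf,
            "-newkey", f"rsa:{bits}", "-keyout", key_out, "-out", csr_out]
```

Overwriting in place may not reach the old blocks on journaling or copy-on-write filesystems and on SSDs.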
