On Tue, Dec 28, 2004, Richard Levitte - VMS Whacker wrote: > In message <[EMAIL PROTECTED]> on Tue, 28 Dec 2004 14:32:21 +0100, "Dr. > Stephen Henson" <[EMAIL PROTECTED]> said: > > steve> It should really always ask for a password, or better still > steve> handle the PKCS#12 file as a special case and obtain user > steve> certificate, private key and optionally additional certificates > steve> from it. > > Really, the PKCS12_Parse() should have been designed to take a > passphrase callback. PKCS12_Parse_ex(), maybe? >
Well that was part of the spec long ago, I did ask if they needed a PEM style callback but no, a password argument was what they wanted. I'd planned a PKCS12_parse_ex() which could (among other things) handle complex PKCS#12 files and avoid all the garbage in pkcs12.c. There are some complications with a PEM style passphrase callback, for example there can be multiple passwords on different parts of the file. There are also several types of "no password" in use. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
