> What im talking about is functions like a2i_ASN1_INTEGER. > When i check the crypto library documentation on openssl.org > for usage or such, there is no man page available, > actually.. the entire asn1 section is blacked out.
There's no reason you need to use that function. The load_serial/save_serial functions happen to work in a very weird way, but there's really no reason anyone needs to understand them. Just pick a serial number any way that you want to. > You guys are making me think that i should just > provide my client a wrapper around the openssl > tool itself, considering how frustrating it is > to use this portion of the library. I dont know, > using this library is making me jaded towards it. > You'd think an industry standard library such as > this wouldn't be so letdownish in terms of support > and documentation. I mean, this should be a 2 > function ordeal. I shouldn't have to be investing > so much time into such a largely trivial portion of > the solution. Regardless im having to do it anyway, > so im going to figure out wtf is going on and maybee > post a wrapper somewhere so another balding twentysomething > wont have to suffer the same as i am. Egad, no! You really have no business issuing a certificate if you don't understand the nitty-gritty details of what you are doing. Issuing a certificate is like signing a contract, and it is a serious mistake to invent ways not to have to read the fine print. You cannot sprinkle in a function call or two and wind up with secure software. You have to understand exactly what you are doing and exactly what your functions make the system do under the hook. The OpenSSL function calls are at precisely the right level of detail, hiding under the hood only the things you don't need to know and making sure you have to face the important issues. (Your point about the documentation is reasonable though. There are definitely some important functions that are not very well documented.) DS ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
