[evanandjill@gmail.com - Sun Mar 6 19:39:25 2005]:

> Hi,
>
> Somewhen between 0.9.7 and 0.9.8 (I first noticed it around 6 months
> ago),
> PKCS12 creation was refactored, and the new code left out the pkcs12
> -CSP
> implementation (the option is still accepted, but does nothing
> useful). I'm
> not sure if this was intentional or not, but I didn't see that any
> mention
> of removing the -CSP function in the ChangeLog.
>


No it wasn't intentional, thanks for the report.

> I wrote a patch to add back in CSP support to 0.9.8 (please see
> attached) by
> cut-and-pasting the missing function call from 0.9.7 and adding a bit
> of
> glue. I also added the pkcs12 -CSP command line option to the help
> and man
> page. This patch is against openssl-SNAP-20050305. I am Canadian and
> did
> this in Australia.
>


Unfortunately I can't just modify the PKCS12_create() function by adding
an extra argument because that would break existing code.

I'll have to either find a way of attaching a "CSP name" atribute to a
private key or use the medium level APIs instead of the high level
PKCS12_create.

Steve.



__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org