On Wed, Aug 16, 2006, rz1a@mail.ru wrote:

> Hello Nils,
> Tuesday, August 15, 2006, 11:17:08 PM, you wrote:
> >> I do not need any networking in my project, so I'd rather prefer to
> >> create a new SSL_CTX object with a call of "SSL_CTX_new( NULL)" and
> >> populate it with other methods (if nesessary) later.

> NL> what do you want to do with such a ssl context ?
> I need just a very basic support for reading and writing the
> PEM-encoded keys - I re-invent some proprietary tool for creating what
> is called the "Mini Certificates" of proprietary design
> (Sipura|Linksys's for embedded devices). Having the SSL context
> initialized allows for transparent support of pass-phrase-protected
> keys. Untill I initialised SSL_CTX I was not able even to call my own
> password callback in a string like that:
> "ca_rsa = PEM_read_RSAPrivateKey( fp, NULL, my-passwd-cb, NULL );"

You don't need the SSL library at all for that call to work. If it fails for
encrypted keys and if you check the FAQ you'll see that its the lack of a call
to OpenSSL_add_all_algorithms() or similar that is missing.

However that call will add lots of alrgorithms you don't need. You can
manually add the algorithms you need and reduce the footprint.

Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org