> Hi,
>
> Does anyone have any examples/advice on configuring openssl on the fly. So
> far I have used OPENSSL_config() to load a config file like this.
>
> [openssl_def]
> engines = engine_section
>
> [engine_section]
> pkcs11 = pkcs11_section
>
> [pkcs11_section]
> engine_id = pkcs11
> dynamic_path = /opt/engine_pkcs11-0.1.3/lib/engines/engine_pkcs11.so
> MODULE_PATH = /usr/lib/libpkcs11.so
> PIN = nominet1:abc123
> init = 0
>
> The config contains the PIN needed to access a keystore but I would prefer
> to prompt the user for the pin. I guess I could do something with
> CONF_modules_load but have the feeling that there must be an easier or
> more elegant way!
>
The configuration is sending a sequence of control commands to the ENGINE. So
if you send an ENGINE ctrl to the "pkcs11" engine with name "PIN" and value
"whatever_PIN" it should work. There might be a way to prompt for the PIN as
well: check the specific doc for that ENGINE.
Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openss...@openssl.org
Automated List Manager majo...@openssl.org