ssl engine #1247
ssl engine #1247
Conversation
|
because "test95-3-offline-buffering-auto-reconnect-static" case always timeout , but i don't think is't my fault, so I'll take it out first. |
There was a problem hiding this comment.
Thank you @shawshank119 !
The only part I don't like is not having the ability to use the default OpenSSL configuration (which in all my projects is default). It would be great if you could avoid loading the config (or load the default config) when engineConfFile is not set.
| @@ -1062,6 +1062,7 @@ typedef struct | |||
| * 2 means no ssl_error_context, ssl_error_cb | |||
| * 3 means no ssl_psk_cb, ssl_psk_context, disableDefaultTrustStore | |||
| * 4 means no protos, protos_len | |||
| * 5 means no ssl engine | |||
| const char* engineId; | ||
|
|
||
| /** engine config file Only used if struct_version is >= 6.*/ | ||
| const char* engineConfFile; |
| @@ -686,6 +687,15 @@ typedef struct | |||
| /** The password to load the client's privateKey if encrypted. */ | |||
| const char* privateKeyPassword; | |||
|
|
|||
| /** Key mode "ENG" for engine or "PEM" for pem format Only used if struct_version is >= 6.*/ | |||
| const char* keyType; | |||
There was a problem hiding this comment.
Could this be an enum instead of string?
| { | ||
| if (!load_openssl_config) | ||
| { | ||
| if (CONF_modules_load_file(opts->engineConfFile, "openssl_conf", 0) != 1) { |
There was a problem hiding this comment.
Why is loading configuration necessary? I would prefer that the default OpenSSL configuration is used instead of allowing applications modify it.
(E.g. https://github.com/dotnet/runtime/pull/88656/files#diff-b4a7a922ce304a412632e8b5a25c5f5a87fe5b3e63f639a5eb63a9c7b02668f9R279)
Either way, the code should allow for the case where engineConfFile is NULL.
|
@shawshank119 I didn't see it originally: I think PRs should be sent to the |
|
@shawshank119 I have previously written a test for our library using a Docker container, SoftHSM and p11: We could re-use this to test the functionality end-to-end. @icraggs (and other maintainers) please let us know if the code change is acceptable and I can reserve some time to add the tests. |
|
Parts of the code in this PR are identical with #1224. |
Thank you for your mqtt code. i add ssl engine mode for load private key. please check and merge.