From: Chris R. <chr...@me...> - 2001-10-19 09:45:17
ma...@mj... wrote:
> It's been a long, long time since I looked at that code (hell, I can't
> even remember the last time I wrote any Perl ;), but I think it has to
> do with the underlying Perl SSL libraries.
>
> Mark
>
> On 18 Oct 01, at 9:28, Tim Church wrote:
>
>> I have a couple of questions and comments about using certificates.
>> First, why does perl-ldap (Net::LDAPS and Net::LDAP) require the cert
>> and key to be in files? Why can't I just load them up in memory and
>> stream them through the connection?
>>
>> Right now, the key has to be stored in a file, in the CLEAR, no
>> encryption.

Mark's right - the problem is that the underlying Net::SSLeay module (this is a wrapper around the openssl library) appears to require that all certs and keys live in files.

As for keeping the keys encrypted or not - obviously it is risky to have them unencrypted. It would probably be OK to require certs and keys were in files if they were secure. (You probably only care that the key is encrypted. The cert should be in the directory of course, and therefore publicly available :-)

There looks as though there might be a way of using encrypted keys as openssl appears to have some kind of callback mechanism to get the decrypting password, but I'll have to figure out how to get all that working properly.

If anyone's got any clues or patches...:-)

Cheers,
Chris