tags:

views:

129

answers:

1
+1  Q: 

OpenSSL with unicode paths

Hi all, I have an implementation of SSL handshake from the client side, by using these functions: SSL_CTX_load_verify_locations SSL_CTX_use_certificate_chain_file SSL_CTX_use_PrivateKey_file

All functions get char* type for the filename parameter. How can I change it to support also unicode file locations?

Thanks!

A: 

On which platform? OpenSSL under Posix supports UTF-8 paths, but not on other platforms. Chances are, you will have to manually load the certificate files yourself using standard OS file I/O functions that support Unicode paths, and then parse the raw data and load it into OpenSSL, such as via PEM_read_bio_X509 with sk_X509_NAME_push, PEM_read_bio_PrivateKey/d2i_PrivateKey_bio with SSL_CTX_use_PrivateKey, d2i_X509_bio/PEM_read_bio_X509 with SSL_CTX_use_certificate, etc.

Remy Lebeau - TeamB  2010-03-11 01:32:37
Thanks for replying.I need it to run on Windows...What is the 'mapping' for SSL_CTX_load_verify_locations?Thanks!
rursw1  2010-03-11 07:45:02
There is no direct mapping. You will have to hack it. Internally SSL_CTX_load_verify_locations() calls X509_STORE_load_locations(), which in turn calls X509_STORE_add_lookup(), X509_LOOKUP_load_file(), and X509_LOOKUP_add_dir(). Try defining a custom X509_LOOKUP_METHOD structure that opens a file any way you need, then pass that structure to X509_STORE_add_lookup() before calling X509_LOOKUP_load_file() and X509_LOOKUP_add_dir(). Since the API uses char*, you will have to use type-casting to pass a wchar_t* filename to your X509_LOOKUP_METHOD implementation.
Remy Lebeau - TeamB  2010-03-11 23:53:40
Look in ssl_lib.c, x509_d2.c, x509_lu.c, and by_file.c to see how the current implementation of SSL_CTX_load_verify_locations() is set up. It's default X509_LOOKUP_METHOD used, SSL_LOOKUP_file(), uses the BIO API to read certificate files. You will likely have to make your implementation also use BIOs, but you can use a BIO that is based on a FILE* so you can call _wfopen() to open Unicode filenames.
Remy Lebeau - TeamB  2010-03-11 23:59:47
Thanks a lot!!!
rursw1  2010-03-14 09:48:53
And what about SSL_CTX_use_certificate_chain_file?
rursw1  2010-03-23 13:12:50
It sounds like you are not looking at the OpenSSL source code. I strongly suggest you do. These are not overly complicated functions to reproduce manually.
Remy Lebeau - TeamB  2010-03-24 09:53:48
You're right... Thanks
rursw1  2010-03-24 10:52:18

related questions

Encryption in C# Web-Services
How Do You Secure database.yml?
ASP.NET LocationProvider
What do you (or your company) use for wiping a machine?
Can a proxy server cache SSL GETs? If not, would response body encryption suffice?
Java: What is the best way to SFTP a file from a server
How do I call a Flex SWF from a remote domain using Flash (AS3) ?
Best way to store a database password in a startup script / config file?
Using VM to get around VPN restrictions
Best references for secure coding practices in ASP.NET and classic ASP.
Secure Memory Allocator in C++
Resolving Session Fixation in JBoss
Best Practices for securing a REST API / web service
Defensive programming
Personal Linux web server
Block user access to internals of a site using HTTP_REFERER
Is there an Unobtrusive Captcha for web forms?
My website got hacked... What should I do?
What all do I need to escape when sending a (My)SQL query?
How do you disable browser Autocomplete on web form field / input tag?
Best .NET obfuscation tools/strategy
Are there best practices for testing security in an Agile development shop?
What is the best way to avoid SQL injection attacks?
Found a critical bug, but the company doesn't care
PHP Session Security