Crypto boundary and certification: Difference between revisions

From Libreswan

Latest revision as of 12:03, 5 June 2013

Paul to document, explain and implement the crypto boundary


Is there a read-only and a write-only path for crypto?

NSS debugging/logging should be fixed before this, so that we don't need to change any crypto files.


This also depends on putting CRLs/certs into NSS, and not using the "openssl" methods of loading from /etc/ipsec.d/, so the ifdef NSS/OPENSSL work needs to happen before this.


NSS errors are returned as numbers: you need to make one call to NSS to get the length of the string message, then allocate that space and pass it to another NSS function.

We need an NSS module that is thread safe to deal with the logging.
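
The pattern in the last two notes (read the error number, ask for the message length, allocate, then fetch the text), as an added example; it is not Libreswan or NSS code. The `err_source` interface, `err_describe` and the sample values are hypothetical, and mapping the interface onto NSPR's `PR_GetError`, `PR_GetErrorTextLength` and `PR_GetErrorText` is an assumption.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical interface, not Libreswan's: the three calls the note describes.
 * Assumption: for NSS these would be thin wrappers around NSPR's PR_GetError(),
 * PR_GetErrorTextLength() and PR_GetErrorText(). */
struct err_source {
    int (*code)(void);      /* numeric error of the calling thread */
    int (*text_len)(void);  /* message length in bytes, 0 if none is set */
    int (*text)(char *buf); /* copies the message into buf, returns its length */
};

/* Returns a heap string "error <n>: <text>" for the caller to free, or NULL if
 * allocation fails. No static buffer: concurrent callers share no state. */
char *err_describe(const struct err_source *src)
{
    int code = src->code();
    int len = src->text_len();
    char *msg = NULL;
    if (len > 0 && (msg = calloc((size_t)len + 1, 1)) != NULL) {
        int got = src->text(msg);
        if (got < 0) got = 0;
        if (got > len) got = len;
        msg[got] = '\0';    /* terminate defensively at the reported length */
    }
    const char *text = (msg != NULL && msg[0] != '\0') ? msg : "(no error text)";
    size_t need = (size_t)snprintf(NULL, 0, "error %d: %s", code, text) + 1;
    char *out = malloc(need);
    if (out != NULL)
        snprintf(out, need, "error %d: %s", code, text);
    free(msg);
    return out;
}

/* Constructed sample sources standing in for the library. */
static int demo_code(void) { return -8181; }
static int demo_len(void) { return (int)strlen("certificate has expired"); }
static int demo_text(char *buf) { strcpy(buf, "certificate has expired"); return demo_len(); }
static int no_len(void) { return 0; }
const struct err_source demo_src = { demo_code, demo_len, demo_text };
const struct err_source empty_src = { demo_code, no_len, demo_text };

int main(void)
{
    char *s = err_describe(&demo_src);
    if (s != NULL) { fprintf(stderr, "%s\n", s); free(s); }
    return 0;
}
```

Because the numeric code is always included, a log line stays useful even when the library has set no message text for the calling thread.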