wpa_supplicant and blobs

[Branko Subasic]

On Thu, 2006-09-07 at 12:45 -0400, Bryan Kadzban wrote:
> On Thu, Sep 07, 2006 at 03:41:57PM +0200, Branko Subasic wrote:
> > I have made some changes in tls_openssl.c to allow certificate and
> > private key blobs in PEM format as well. These changes solve my
> > problem. 
> 
> Would it be easier to just convert the cert and private key to DER
> format on another box (that has the openssl binary)?
> 

Yes, definitively.

> # For the cert:
> openssl x509 -in certfile.pem -inform PEM -outform DER -out certfile.der
> 

It's an application on an embedded platform. The OpenSSL apps are not
present, only the lib is. And the app must be able to handle PEM as
well.
It means that I would have to write the code for the conversion myself.

> There should be some other openssl mini-utility that does the same
> conversion for private keys, but I can't find it.  The conversion itself
> should be as simple as base64-decoding the data after the first blank
> line in the PEM file and before the -----END RSA PRIVATE KEY-----
> trailer.
> 
> Then use the certfile.der and decoded-base64-data files as blobs.

If the private key is encrypted, i.e. passphrase protected, then I would
have to decrypt it first.

One reason why I chose this approch is because most of this is already
done by the wpa_supplicant.

The other reason is that I think it would be nice if blobs are handled
analogous to files. When I first started developing I just assumed that
blobs were handled the same way as files, i.e. that it was OK to pass
certificates and keys to wpa_supplicant in PEM format as well. I think
that others may think so too. And by including these changes blobs would
be handled the same way.
Assuming that the changes themselves are OK, of course ;-)


Thanks for your reply.
/Branko