Re: Supporting Windows SChannel as OpenSSL replacement

On 06/09/2014 02:53 PM, Magnus Hagander wrote:
> Also, my memory says that SChannel doesn't support the key file format that
> we use now, which makes a much bigger break with the supported platforms.
> That may have changed of course - have you researched that part?

A quick web search turned up a few discussion forums threads with a
recipe for this (e.g
https://stackoverflow.com/questions/1231178/load-an-x509-pem-file-into-windows-cryptoapi)
There's no direct "read this file" function, but there are low-level
functions that can decode the file format once it's read into memory. So
it seems possible to make it work.

> It's also a question of if we can accept supporting a different set of
> libraries on the server vs on the client. It's really on the client that
> it's a bigger problem, but in the end I think we want to have "symmetrical
> support". But it might be worth doing just the client side initially, and
> then move to the server. I think in general, the client side is actually
> likely to be *harder* than the server side..

Once we've modified the client to support multiple libraries, it's
probably not much extra effort to do the same to the server. I wouldn't
like to support different libraries in client and server, if only
because it would be more complicated to have separate ./configure
options for client and server.

- Heikki