Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:48311 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 8314 invoked from network); 18 May 2010 09:06:18 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 18 May 2010 09:06:18 -0000 X-Host-Fingerprint: 86.147.36.254 host86-147-36-254.range86-147.btcentralplus.com Received: from [86.147.36.254] ([86.147.36.254:29248] helo=localhost.localdomain) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id CC/D0-02762-88852FB4 for ; Tue, 18 May 2010 05:06:16 -0400 Message-ID: To: internals@lists.php.net Date: Tue, 18 May 2010 10:05:57 +0100 User-Agent: Thunderbird 2.0.0.24 (Windows/20100228) MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Posted-By: 86.147.36.254 Subject: SPKAC support for openssl in PHP From: nrixham@gmail.com (Nathan Rixham) Hi All, Wondering if there is any support for SPKAC [1] in the openssl extension for PHP? If not is it planned, and if not can it be? KEYGEN/SPKAC support is growing in the UA vendors and KEYGEN is part of HTML5, being the preferred way to generate client side SSL certificates since the private key never leaves the browser. Further the need for client side certificate generation will be growing somewhat over the next couple of years thanks to FOAF+SSL - which I believe is about to start going through standardisation. At the minute we have to take a rather hacky approach in PHP [2] and it get's much worse if you want to use x509 v3 extensions, you have to go through a nasty process of using a bash script to gen a custom openssl.conf on the fly to use in the SPKAC request. Best, Nathan [1] http://en.wikipedia.org/wiki/Spkac [2] http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20080714/07ea5534/attachment.txt