summaryrefslogtreecommitdiff
path: root/openssl/crypto/store/README
diff options
context:
space:
mode:
authorParménides GV <parmegv@sdf.org>2014-04-07 20:43:34 +0200
committerParménides GV <parmegv@sdf.org>2014-04-08 11:43:27 +0200
commitc206a91d320995f37f8abb33188bfd384249da3d (patch)
tree10a7d8a9dd7f24437ac4851b8d01edbd5dd3ee3b /openssl/crypto/store/README
parent910b0e1746ab3f63e63808b198ad51fec5b635e5 (diff)
Next step: compile jni sources correctly.
Diffstat (limited to 'openssl/crypto/store/README')
-rw-r--r--openssl/crypto/store/README95
1 files changed, 0 insertions, 95 deletions
diff --git a/openssl/crypto/store/README b/openssl/crypto/store/README
deleted file mode 100644
index 966168f6..00000000
--- a/openssl/crypto/store/README
+++ /dev/null
@@ -1,95 +0,0 @@
-The STORE type
-==============
-
-A STORE, as defined in this code section, is really a rather simple
-thing which stores objects and per-object associations to a number
-of attributes. What attributes are supported entirely depends on
-the particular implementation of a STORE. It has some support for
-generation of certain objects (for example, keys and CRLs).
-
-
-Supported object types
-----------------------
-
-For now, the objects that are supported are the following:
-
-X.509 certificate
-X.509 CRL
-private key
-public key
-number
-arbitrary (application) data
-
-The intention is that a STORE should be able to store everything
-needed by an application that wants a cert/key store, as well as
-the data a CA might need to store (this includes the serial number
-counter, which explains the support for numbers).
-
-
-Supported attribute types
--------------------------
-
-For now, the following attributes are supported:
-
-Friendly Name - the value is a normal C string
-Key ID - the value is a 160 bit SHA1 hash
-Issuer Key ID - the value is a 160 bit SHA1 hash
-Subject Key ID - the value is a 160 bit SHA1 hash
-Issuer/Serial Hash - the value is a 160 bit SHA1 hash
-Issuer - the value is a X509_NAME
-Serial - the value is a BIGNUM
-Subject - the value is a X509_NAME
-Certificate Hash - the value is a 160 bit SHA1 hash
-Email - the value is a normal C string
-Filename - the value is a normal C string
-
-It is expected that these attributes should be enough to support
-the need from most, if not all, current applications. Applications
-that need to do certificate verification would typically use Subject
-Key ID, Issuer/Serial Hash or Subject to look up issuer certificates.
-S/MIME applications would typically use Email to look up recipient
-and signer certificates.
-
-There's added support for combined sets of attributes to search for,
-with the special OR attribute.
-
-
-Supported basic functionality
------------------------------
-
-The functions that are supported through the STORE type are these:
-
-generate_object - for example to generate keys and CRLs
-get_object - to look up one object
- NOTE: this function is really rather
- redundant and probably of lesser usage
- than the list functions
-store_object - store an object and the attributes
- associated with it
-modify_object - modify the attributes associated with
- a specific object
-revoke_object - revoke an object
- NOTE: this only marks an object as
- invalid, it doesn't remove the object
- from the database
-delete_object - remove an object from the database
-list_object - list objects associated with a given
- set of attributes
- NOTE: this is really four functions:
- list_start, list_next, list_end and
- list_endp
-update_store - update the internal data of the store
-lock_store - lock the store
-unlock_store - unlock the store
-
-The list functions need some extra explanation: list_start is
-used to set up a lookup. That's where the attributes to use in
-the search are set up. It returns a search context. list_next
-returns the next object searched for. list_end closes the search.
-list_endp is used to check if we have reached the end.
-
-A few words on the store functions as well: update_store is
-typically used by a CA application to update the internal
-structure of a database. This may for example involve automatic
-removal of expired certificates. lock_store and unlock_store
-are used for locking a store to allow exclusive writes.